Until now, the lx_emul layer addressed a 5.11 Linux Kernel port,
now that we add new architectures it is better to update the default version
first. There are especially changes in the task_struct code,
and the signature of some functions in the paging subsystem changed.
Ref genodelabs/genode#4411
We use the architecture-specific setjmp/longjmp implementation without
modification in the newer lx_kit implementation as well. There is no
need for a duplication.
Ref genodelabs/genode#4411
In the error case of socket_fs_accept() the Unconfirmed utility was
incompletely applied with the result of executing the cleanup routines
in the wrong order.
Fixes#4417
This patch removes the implicit build of ld-$(KERNEL) by the generic
ld.mk file because the kernel-specific dynamic linker is unreachable
when building a regular binary archive.
Issue #4320
When 'KERNEL' is specified, let the generic (pseudo) target of
lib/mk/ld.mk trigger the build of the actual dynamic linker named after
the used kernel. This way, we become able to remove the magic
linker-build step from the boot-image stage of the run tool.
Issue #4320
This patch applies the existing "privatization" of transitive
shared-library dependencies from static lib dependencies to shared lib
dependencies. It thereby improves the consistency of binaries created in
a regular build directory with binaries created in depot archives.
Issue #4408
This patch makes nitpicker's "clicked" report useful for the detection
of clicks outside of any client. This is needed in situations where the
dialog should close when clicking outside its screen area. In the new
version, a click outside any client results in a report without a
'label' attribute. Furthermore, the report is augmented by the sequence
number of the click, which allows for freshness checks by the consumer of
the report (i.e., sculpt_manager).
Issue #4398
If the buffer contains padding at the end, the iteration must continue
in order to restart iteration from the start of the buffer.
genodelabs/genode#4244
The archive contents are equivalent except the creation date of the
top-level directory.
-drwxr-xr-x guivol/users 0 2021-01-07 12:54 jpeg-9d/
+drwxr-xr-x guivol/users 0 2022-01-04 12:02 jpeg-9d/
Fixes#4406
The functionality of the test-block-client, test-block-server, and
test-block-bench components is now covered by the block_tester
application and the vfs_block server.
Issue #4405
This patch eliminates warnings that occurred as side effect of using the
'Session_policy' utility ("Warning: no policy defined for label...").
The new version uses the 'with_matching_policy' function instead, which
has the nice side effect of simplifying the error handling.
This patch makes the server-side policy-matching logic available outside
the 'Session_policy' class. Given that the new 'with_matching_policy'
function does not throw any exception, it gives server implementations
the freedom to avoid the C++ exception mechanism for the policy handling.
If the platform driver lacks the 'managing_system="yes"' attribute,
requests for DMA addresses return 0. This patch is meant to help
diagnosing such configuration issues.
Issue #2243
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.
The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.
The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.
With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.
Issue #2243
This patch makes Sculpt's leitzentrale GUI able to respond to touch events. It
formerly assumed that click/clack events are always preceded by hover reports
that identify the clicked-on widgets. For touch events, however, the most
up-to-date hover information referred to the previous click because there is no
motion without touching. So the GUI tended to identify the wrong widgets as
click targets.
The patch solved this problem by testing the freshness of the hover information
at the time of the click. If the hover information is older than the click, the
action is deferred until up-to-date hover information becomes available.
Fixes#4398
The new event type allows for the propagation of sequence numbers as a means to
validate the freshness of input handling. E.g., an menu-view-based application
can augment artificial sequence numbers to the stream of motion events supplied
to 'menu_view'. Menu view, in turn, can now report the latest received sequence
number in its hover reports, thereby enabling the application to robustly
correlate hover results with click positions.
Issue #4398
This patch replaces formerly blocking packet-stream operations by
the explicit use of 'wait_and_dispatch_io_signal' for blocking.
It also removes a misleading comment that promised a fire-and-forget
behavior whereas the implementation relied on blocking I/O anyway.
Issue #4390
Errors during IPC receive-and-wait can occur at the server side when
a client is killed. This condition is not an error from the server's
perspective. We used to print a message nevertheless, since the
condition is rather exceptional. However, when printed during the
test-sequence test, the messages interfere with the pattern matching of
the depot_autopilot, flagging the successful test as an error.
The VFS block plugin used to depend on the blocking semantics of the
packet stream's 'get_acked_packet'. This patch replaces this dependency
by the use of 'wait_and_dispatch_one_io_signal'. However, in order to
implement this change, the custom instance of a 'Signal_receiver' had to
be removed as well.
To keep this patch as little invasive as possible, it does not touch the
direct use of the block session's packet stream, which should better be
replaced by the 'Block::Connection::Job' API.
Issue #4390
The zynq_nic_drv follows a zero-copy approach and thus uses the packet
buffers as DMA memory. In order to know when the RX DMA memory can be used
for another packet, a custom ack_avail_handler is needed.
Similarly, packets received from the Uplink session are not copied to a
DMA buffer but to directly passed on as DMA memory. For this purpose,
a a custom packet_avail handler is needed.
genodelabs/genode#4384
The 'read' and 'write' utilities are from a time before the VFS API
as os/vfs.h was available. They rely on the (now removed) blocking
semantics of the packet-stream interface.
The only remaining legitimate use case of the direct interaction with
the file-system session without VFS is the back end of gcov, which needs
a way to exfiltrate the statistical data using a channel that is
independent from the libc or the VFS.
Issue #4390
This patch replaces the direct use of a file-system session via the
'file_system/util.h' helpers by the VFS using the os/vfs.h API. This
makes the component more flexible while removing the dependence from
read and write utilities of file_system/util.h, which happen to rely on
the (now removed) blocking packet-stream semantics.
Issue #4390
This patch replaces the direct interaction with the packet stream of
the block session by the use of the 'Block::Connection::Job' API,
removing the reliance on blocking packet-stream semantics.
Since I/O signals can now occur during 'Backend::submit', the patch
conditions the periodic calls of 'rump_sys_sync' by taking the backend
state into account.
Issue #4390
Since the change "block_tester: limit batching in sequential test", the
sequence test blocks infinitely when encountering a length value smaller
than the block size.
This patch takes precautions against the use of blocking packet-stream
operations like 'submit_packet'.
With the change of issue #4388, the ready-to-submit signals are no
longer implicitly handled. Hence, a call of submit_packet to a
saturated submit queue blocks infinitely.
Issue #4390
Even though the use of the C++ exception mechanism (and the implicit use
of the cxx heap) is not a problem at the server side, this patch
nevertheless replaces the exception-based return-value handling to make
the code consistent with the ipc_call path.
Issue #3612
* use 'Id_space::apply_any' instead of 'for_each' to destroy session local
buffer objects
* save session capability in session because 'cap()' is not valid in
'Session_component' destructor because it was dissolved before calling
'Root::_destruct_session', the cap is necessary to remove owned
buffers from the EP
issue #4380
Do not import a freshly allocated buffer to all contexts eagerly.
Instead check buffer list in context's 'exec_buffer' call and import
only buffers needed and not present before GPU execution. This leads to
improved performance for applications that use many OpenGL contexts
(e.g., VirtualBox 6).
issue #4380
* retrieve Genode::Env from plugin, this way no mesa applications need to
be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.
issue #4380
Implement GLX and X functionality through Mesa's EGL interface. This
requires multiple OpenGL contexts and in turn GEM context support in
libdrm/iris, as implemented in libdrm and intel_gpu_drv.
Update recipes and machine.vbox6 files accordingly,
issue #4380
Retrieve multiple GPU sessions from VFS plugin, take advantage of buffer
import/export functionallity in order to implement gem context support.
Multiple contexts share all GPU buffers, but use different GPU sessions
and thus, differnt page tables and hardware contexts.
issue #4380
Add 'export_buffer'/'import_buffer' calls in order to support buffer
sharing between GPU sessions.
Reduce CAP costs for Gpu::Connection from 256 to 32.
issue #4380
Synchronize GPU completion by calling 'read' of the vfs_gpu plugin. This
enables pthreads to wait for GPU completions instead of the main EP.
issue #4380
When a <gpu> node is present in the VFS, the plugin opens a
Gpu::Connection for each open call to the 'gpu' node and installs a
completion signal handler. A read only to the fd returned only comes
back if a completion signal has been received between two read
transctions to the fd.
For now the Gpu::Connections can be retrieved by calling the
'vfs_gpu_connection(unsigned long id)' function. The id can be obtained
using 'stat' on the 'gpu' device and is located in the inode (st_ino)
field of the stat buffer.
issue #4380
* let iris handle buffer management, this implies that BOs are mapped to
the PPGTT during buffer execution and unmapped by iris later, for this
to work buffers need to be unmapped when allocating cached BOs
(vma_free) which requires a patch
* support lseek (drm_lseek for now) for determining object size
issue #4380
Account RAM and CAP resources for GPU sessions and trigger client
upgrades before allocating resources at the multiplexer. This prevents
the multiplexer from running out of resources.
issue #4380
Imagine receiving the signal for an available TX ack or an available RX packet
at the Uplink connection but a later received signal for a link-state change
(to link state "down") at the same connection is handled first and destructs
the Uplink connection before the handling of the former signals. In this case,
the methods 'Uplink_client_base::_conn_tx_handle_ack_avail' and
'Uplink_client_base::_conn_rx_handle_packet_avail' must be guarded against an
unconstructed '_conn' member, but they weren't so far.
Fixes#4384
So far, the generic Uplink connection code considered NIC drivers to transmit
connection RX packets in three different manners. Most of the drivers follow
the "normal" way of transmission with only one driver callback from generic
code. The monolithic USB NIC-driver, however, used to send in a "burst" mode
that required a dedicated path with multiple driver callbacks in the generic
code. And then there were drivers that had a fully custom function for doing
transmissions.
Also for handling connection TX acks, there was a "normal" and a
"custom handler" way.
Today, all NIC drivers in the Genode repos and the Genode-World repo follow the
"normal" way. Therefor, the unused code can be removed.
Ref #4384
Only parse output of the test programs one-by-one and ignore log
messages from other components not starting with '[init -> test$number]'.
Fixes sporadic failures on KERNEL=sel4 due to the following warning from
core.
Warning: flush page table entries - mapping cache full - PD: init -> test1
To actually receive audio input in a particular VM, it also
needs to be enabled in the vbox file:
<AudioAdapter controller="HDA" driver="OSS" enabled="true"
enabledOut="true" enabledIn="true"/>
Fixes#4377
On some boards or emulators a CPU might be executing in hyp mode
when entering Genode's bootstrap code. In that mode the 'cps' instruction
is not defined. Therefore, we change the way the boot cpu is identified.
Ref #3415
* renamed rpi pic to Bcm2835_pic
* renamed rpi3 pic to Bcm2837_pic
* added bcm2837 control for setting prescaler value (to fix timer_accuracy)
* changed handling of all interrupts for rpi3 by cascading to bcm2835 pic
* rpi3 irq controller base address made consistent with rpi
* added usb controller memory region for pic on rpi3 (for SOF interrupts)
Ref #3415
The socket type (in the lower bits) maybe ORed with SOCK_CLOEXEC and
SOCK_NONBLOCK options (in the higher bits). Currently, supported values
are SOCK_STREAM (1) and SOCK_DGRAM (2), so just take the lower 2 bits.
This fixes treating `SOCK_STREAM` sockets as UDP if additional flags
were set.
Fixes#4370
This patch equips Sculpt with the ability to customize the system image
in very flexible ways.
All customizable aspects of the image have been relocated from the
former sculpt.run script and the accompanied gems/run/sculpt/ directory
to a new location - the sculpt/ directory - which can exist in any
repository. The directory at repos/gems/sculpt/ serves as reference.
The sculpt directory can host any number of <name>-<board>.sculpt files,
each containing a list of ingredients to be incorporated into the
Sculpt system image. The <name> can be specified to the sculpt.run
script. E.g., the following command refers to the 'default-pc.sculpt'
file:
make run/sculpt KERNEL=nova BOARD=pc SCULPT=default
If no 'SCULPT' argument is supplied, the value 'default' is used.
A .sculpt file refers to a selection of files found at various
subdirectries named after their respective purpose. In particular, There
exists a subdirectory for each file in Sculpt's config fs, like
nitpicker, drivers... The .sculpt file selects the alternative to use
by a simple tag-value notation.
drivers: pc
The supported tags are as follows.
*Optional* selection of /config files. If not specified, those files are
omitted, which prompts Sculpt to manage those configurations
automatically or via the Leitzentrale GUI:
fonts
nic_router
event_filter
wifi
runtime
gpu_drv
Selection of mandatory /config files. If not specified, the respective
'default' alternative will be used.
nitpicker
deploy
fb_drv
clipboard
drivers
numlock_remap
leitzentrale
usb
system
ram_fs
Furthermore, the .sculpt file supports the optional selection of
supplemental content such as a set of launchers.
launches: nano3d system_shell
Another type of content are the set of blessed pubkey/download files
used for installing and verifying software on target.
With the new version, it has become possible to supply a depot with the
the system image. The depot content is assembled according to the 'pkg'
attributes found in launcher files and the selected deploy config.
The resulting depot is incorporated into the system image as 'depot.tar'
archive. It can be supplied to the Sculpt system by mounting it into the
ram fs as done by the 'ram_fs/depot' configuration for the ram fs.
It is possible to add additional boot modules to the system image. There
are two options.
build: <list of targets>
This tag prompts the sculpt.run script to build the specified targets
directly using the Genode build system and add the created artifacts
into the system image as boot modules.
import: <list of depot src or pkg archives>
This tag instructs Sculpt to supply the specifid depot-archive content
as boot modules to the system image. This change eliminates the need for
board-specific pkg/sculpt-<board> archives. The board-specific
specializations can now be placed directly into the respective .sculpt
files by using 'import:'.
To make the use of Sculpt as testbed during development more convenient,
the log output of the drivers, leitzentrale, and runtime subsystems
can be redirected to core using the optional 'LOG=core' argument, e.g.,
make run/sculpt KERNEL=linux BOARD=linux LOG=core
The former pkg/sculpt-installation and pkg/sculpt-installation-pc
archives have been replaced by pkg/sculpt_distribution-pc, which
references the generic pkg/sculpt_distribution archive. Those pkgs are
solely used for publishing / distribution purposes.
Fixes#4369
When used by the 'Allocator_avl' the slab allocator's backing store is
dynamically disabled and re-enabled while adding/freeing ranges.
However, during those operations, slab entries can be freed. This,
in turn, can result in the release of a slab block (when the freed slab
entry happens to be the last entry of the block). In this corner case,
'Slab::_release_backing_store' operation has no effect because no
backing-store allocator is set. As a result, the block is no longer
referenced but not physically freed.
The patch fixes the problem by skipping '_free_curr_sb' whenever
no backing store is defined. So the completely empty block remains
in the working set.
Thanks to Peter for reporting and fixing this issue!
Fixes#4367
- Consider 'sdl' as source of input events in the event-filter
configuration as generated by the sculpt manager
- Supply an artificial 'platform_info' ROM as requested by the
sculpt manager to obtain the affinity-space information
- Substitute 'fs_rom' for 'cached_fs_rom' as a workaround for the
lack of support for managed dataspaces on Linux
Fixes#4362
This change keeps the version-controlled 'pubkey' and 'download' files
separate from files generated via depot/create or downloaded via
depot/download. So one can remove the entire depot/ directory without
interfering with git.
Furthermore, depot keys can now be hosted in supplemental repositories
independent from Genode's main repository.
Fixes#4364
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.
Issue #4354
This comes up when building the code with clang 13. It happens due to
recently enabled Wconversion warning, which in case of clang also
enables implicit-int-conversion warning. The warning reads:
fs_file_system.h:937:44: error: higher order bits are zeroes after
implicit conversion [-Werror,-Wimplicit-int-conversion]
::File_system::Watch_handle fs_handle { -1U };
~~~~~~~~~ ^~~
This can be fixed by properly specifying fs_handle value to be of
unsigned long type.
Issue #4354
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:
#include <type_traits>
#include <stdint.h>
int test() {
uint16_t a = 0xabcd;
static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
return 0;
}
Changing uint16_t in the static_assert to int, will allow the code to
build.
Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.
Issue #4354
The path for the `nameserver` file was fixed to `/socket/nameserver`.
So, if the socket directory was configured differing from `/socket`, DNS
did not work. Now the default path for the `nameserver` takes into
account the path configured in the `socket` libc config attribute.
Fixes#4318Fixes#4343
Remove '_expected_offset' check on round trip test from RX packet,
because allocators between RX/TX can have different allocation
strategies. Rely on 'pattern' check for RX packets only.
In loopback server alloc size must match actual packet size.
issue #4312
Override 'try_alloc/free' because ethernet frame headers are 14 bytes
(src/dst mac (12) + ethertype (2)) causing the IP header to be 2 byte
aligned, leading to problems on platforms that require load/store
operations to be naturally aligned when reading, for example, 4 byte IP
addresses. Therefore, we align the allocation to 2 bytes, so the IP
header is aligned to 4.
issue #4312
This patch improves the robustness of the CPU-affinity handling.
- The types in base/affinity.h received the accessors
'Location::within(space)' and 'Affinity::valid', which alleviates
the fiddling with coordinates when sanity checking the values,
in init or core.
- The 'Affinity::Location::valid' method got removed because its
meaning was too vague. For sanity checks of affinity configurations,
the new 'within' method is approriate. In cases where only the x,y
values are used for selecting a physical CPU (during thread creation),
the validity check (width*height > 0) was not meaningful anyway.
- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
as argument because a location always relates to the bounds of
a specific space. This function now implements the selection of
whole rows or columns, which has previously a feature of the
sandbox library only.
- Whenever the sandbox library (init) encounters an invalid affinity
configuration, it prints a warning message as a diagnostic aid.
- A new 'Affinity::unrestricted' function constructs an affinity that
covers the whole affinity space. The named functions clarifies
the meaning over the previous use of the default constructor.
- Core's CPU service denies session requests with an invalid
affinity parameter. Previously, it would fall back to an
unrestricted affinity.
Issue #4300
Instead of using a bitfield for storing rwx and skip boolean value,
take a boolean instead. This fixes a note giv]en by GCC 9.1 about
changes semantics of bitfields given as parameter by value on ARM.
Ref #4344
Similar to other devices allow for selecting a graphics device as
well. This is currently only useful on iMX8-based systems like
iMX8Q-EVK and MNT Reform2 where the driver is explicitly started
from a pkg.
Fixes#4342.
After VirtIO::Queue refactoring buffers no longer share the same
dataspace as VirtIO rings. This makes optimal buffer calculations a lot
easier. In this case 64 buffers 2kB each will need precisely 128kB of
RAM. Previous value of 2016 will just waste 768b.
Fixed#4347
The key changes in this patch are:
* Buffer allocation is moved into a separate Buffer_pool helper. The
implementation of the buffer allocation strategy does not change.
The helper allocates a single RAM dataspace and splits it in multiple,
equally sized chunks.
* Management of main descriptor ring is enacapsulated in Descriptor_ring
helper class.
* Use separate RAM dataspaces for descriptor rings and buffers.
Previously both of them were packed into a single dataspace. This
might have been more RAM efficient, but IMO it made the code uglier and
harder to understand.
* All of the VirtIO::Queue members are now initialized on the class member
initializer list. This is possible due to previously listed changes.
* Since all VirtIO::Queue members are initalized on member initalizer
list, some additional ones can be marked as const, ex _avail, _used ring
pointers.
* Move descriptor writing code into a common method used by both
write_data and write_data_read_reply members. This avoids some code
duplication between those methods.
* Get rid of request_irq argument that most public VirtIO::Queue methods
accept. None of the existing drivers use it and I doubt this will
change any time soon.
* Use Genode namespace by default in Virtio.
This patch also fixes at least one bug that I discovered while working
on VirtIO block device driver. Namely, when chaining descriptors only the
first descriptor in the chain should be exposed in the available ring.
Issue #4347
The const-variant of the data() method contained an erroneous
calculation of the tail size. This led to the size guard throwing
exceptions when trying to parse TCP packets that only contained the
TCP header.
Fixesgenodelabs/genode#4340
Thanks to Piotr Tworek for the fix and his explanation as follows:
The basic idea is to try to fit payload data into the descriptor used to
send the header. If there is no payload, or the payload fits exactly
into the remaining space in the header decriptor, len should be 0 and
only one descriptor should be used. In such case the "next" and "flags"
members of the descriptor structure should be set to 0.
In case there is some extra payload data to send, but its size is
bigger than the remaining free space in the descriptor used to send the
header, len should contain the remaining size of the payload that
can't be sent via the header descriptor. The code will then chain
additional descriptors to handle this remainder.
With the len variable shadowing, the code will never queue the remaining
data.
Issue #4327
Share datastructures for clock, power and reset related configurations
per device. In the generic platform driver component these structures
are kept empty. Driver derivates can fill the clocks settings, power and
reset switches with life. The former Driver::Env gets removed.
Fix#4338
This change of the inner working of the platform driver for ARM allows
clients to have permanent open sessions, as long as a policy node matches
the client. If devices disappear from the policy resp. from the set of
available devices (hotplug), the devices ROM of the session gets updated,
and a corresponding device session gets closed. If the device remains
untouched in the configuration but other devices appeared/disappeared, the
device session is not affected.
Ref #4330
The requested guest-physical memory range may comprise multiple attached
dataspace regions, which must all be detached. This is not required for
the current vbox5 implementation, but for vbox6 as the current API
suggests these semantics.
This commit can be seen as intermediate fix as a real fix should change
the API to prevent long-running detach loops in core that may lock out
requests by other components.
* Only give managing_system permission when all parent nodes of the
corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core
Fix#4335
* Track all caps and ram quotas of the sub-sessions properly
* Release DMA buffers, it is not done implicitely when destroying
the Constrained_ram_allocator
* Do not replenish quota before really releasing memory from
the allocator
Issue #4330
The Session_component must be destroyed before updating the device
model because the Session_component must also release all previously
acquired devices. If the device model is updated before, the devices
might have been removed.
Issue #4330
Pre-allocate all possible type of policy objects as part of the thread meta
state to avoid increased memory consumption due to different policy object
sizes. The cpu_balancer accounts the memory per client and can't forward
potentially occurring out-of-ram exceptions during config-ROM update phases.
Fixes#4333
The commits avoids reading in and allocating memory for all potentially
threads, which are potentially currently not existent (but configured in the
policy beforehand). Instead the policy is read in and evaluated when a thread
is created and policy changes are solely applied to existing/running threads.
By this the commit avoids the increase of memory consumption during the
evaluation of policies during config ROM updates.
Issue #4333
This implements the necessary bits to provide 2D framebuffer support on
top of VirtIO GPU device as implemented in Qemu. I don't know if any
other implementation of this specific device exists.
Compared to the ramfb driver which already exists in Genode Virtio FB driver
has one major benefit. It allows Qemu window to be dynamically resized at
runtime. The driver will treat this as resolution change and act accordingly.
Ramfb driver can currently only use the hardcoded 1024x768 screen size. Changing
screen resolution might not sound like a big deal, but it is rather useful to
run Genode on Qemu in full screen mode.
