This patch introduces the file-system-session interface, provides an
implementation of this interface in the form of an in-memory file
system, and enables the libc to use the new file-system facility.
The new interface resides in 'os/include/file_system_session/'. It
uses synchronous RPC calls for functions referring to directory
and meta-data handling. For transferring payload from/to files, the
packet-stream interface is used. I envision that the asynchronous design
of the packet-stream interface fits well will the block-session
interface. Compared to Unix-like file-system APIs, Genode's file-system
session interface is much simpler. In particular, it does not support
per-file permissions. On Genode, we facilitate binding policy (such as
write-permission) is sessions rather than individual file objects.
As a reference implementation of the new interface, there is the
new 'ram_fs' service at 'os/src/server/ram_fs'. It stores sparse
files in memory. At the startup, 'ram_fs' is able to populate the
file-system content with directories and ROM modules as specified
in its configuration.
To enable libc-using programs to access the new file-system interface,
there is the new libc plugin at 'libports/src/lib/libc-fs'. Using this
plugin, files stored on a native Genode file system can be accessed
using the traditional POSIX file API.
To see how the three parts described above fit together, the test
case at 'libports/run/libc_fs' can be taken as reference. It reuses
the original 'libc_ffat' test to exercise several file operations
on a RAM file-system using the libc API.
:Known limitations:
The current state should be regarded as work in progress. In particular
the error handling is not complete yet. Not all of the session functions
return the proper exceptions in the event of an error. I plan to
successively refine the interface while advancing the file-system
implementations. Also the support for truncating files and symlink
handling are not yet implemented.
Furthermore, there is much room for optimization, in particular for the
handling of directory entries. Currently, we communicate only one dir
entry at a time, which is bad when traversing large trees. However, I
decided to focus on functionality first and defer optimizations (such as
batching dir entries) to a later stage.
The current implementation does not handle file modification times at
all, which may be a severe limitation for tools that depend on this
information such as GNU make. Support for time will be added after we
have revisited Genode's timer-session interface (issue #1).
Fixes#54Fixes#171
The 'Session_policy' helper could not cope well with configurations that
contain nodes of a type other than '<policy>'. This patch improves the
policy matching by skipping non-policy nodes.
This patch implements a Genode-specific audio backend for SDL.
The audio volume (in percent) can be configured in the config file of the
SDL application:
<config>
<sdl_audio_volume value="100"/>
</config>
Fixes#204.
Due to recent changes on the Fiasco.OC platform, when building ldso
applications for this platform the std::terminate function is needed
by the ~Ipc_server destructor. So we've to add it to ldso's whitelist.
This commit introduces placement new/delete, and a constructor for
Heap::Dataspace objects. It fixes the usage of uninitialized Dataspace
objects when expanding the heap that lead to problems in conjunction
with Native_capability smart-pointer in base-foc. Please refer to
issue #203.
This patch increases the size of the JDB kernel object names buffer. The
original size was too small for some Genode scenarios and caused missing
thread names in the kernel debugger thread list.
Fixes#191.
This patch increases the stack size of entrypoint threads in the PCI and
PS/2 drivers, in the Terminal server and in the Signal service for 64-bit
Genode/Fiasco.OC built with -O0.
Fixes#198.
With this patch the Genode thread used by the QThread class gets deleted
when 'QThread::wait()' gets called and the timeout didn't trigger or when
'QThread::terminate()' gets called.
Fixes#193.
When unmarshalling capabilities it is checked, whether a capability with the
id was leaking, but this isn't done when creating a thread. Here the capability
is transfered indirectly via the thread state object. This patch checks for
old leakage capabilities while thread creation.
Due to recently introduces smart-pointers to Cap_index objects it's
necessary to always keep at least one reference as long as a corresponding
slot in the capability-space of a process is in use. This is especially
important for L4Linux that uses cap-slots directly without the given
abstractions of Genode.
The syscall l4_task_cap_equal almost returns false although the referenced
kernel-objects are equal. This patch changes the semantic of the syscall so
that whenever two capabilities refering the same kernel-object are compared
it will return true. Please refer to the discussion of the following mail
thread:
http://www.mail-archive.com/l4-hackers@os.inf.tu-dresden.de/msg05162.html
When a portion of the sliced heap gets freed, the corresponding block
gets removed from the list of blocks, and it's dataspace containing the
block gets detached, but it's destructor never gets called. This leads
to leaking capabilities, when Native_capability is implemented as
smart-pointer, because the destructor of Ram_dataspace_capability that
is part of the Block object gets never called.
Implements Native_capability as smart-pointer type referencing Cap_index
objects. Whenever capabilities are copied, assigned, constructed, or destructed
the reference-counter of the Cap_index is incremented/decremented. When it
reaches zero the Cap_index is removed from the process-global cap_map and
gets freed. Fix for issue #32.
Whenever Native_capability or its derivation Capaility is memcpy'd no copy-
constructor/assignment-operator is used and thereby implementation of
reference-counting gets impossible for these objects. Use object-oriented
means like e.g. copy-constructor instead.
The original loader service was primarily motivated by the
browser-plugin scenario presented on our live CD. The new version
implements a more general session interface, which widens the
application scope of the service and, at the same time, reduces its
implementation complexity.
The complexity reduction is achieved by removing the original limitation
of supplying the new sub system as a single binary blob only. The server
used to implement heuristics and functionality for dealing with
different kinds of blobs such as ELF images or TAR archives. This has
been replaced by a session-local ROM service, which can be equipped with
an arbitrary number of ROM modules supplied by the loader client prior
starting the new sub system. Even though the TAR support has been
removed, a separate instance of the 'tar_rom' service can be used within
the subsystem to provide the formerly built-in functionality.
If any operand of the '?' operator is of an unsigned type, the result
is unsigned by default. Thanks to Julian Stecklina for finding
this out.
Fixes#189.
This patch allows to configure the amount of RAM that GDB monitor should
preserve for itself. The configuration syntax looks as follows:
<start name="gdb_monitor">
<resource name="RAM" quantum="1G"/>
<config>
<target name="noux">
<preserve name="RAM" quantum="2M"/>
...
</config>
</start>
Fixes#190.
The new 'chroot' tool at 'os/src/app/chroot' allows for executing
subsystems within chroot jails on Linux. For using the tool, please
refer to the test case 'os/run/chroot.run'. Fixes#37
This patch enables the use of threads and locking mechanisms in SDL
applications. The 'pthread' libary is used as backend. Not all features
are currently supported.
Fixes#185.
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.
Partially fixes#176.
This patch reads program arguments from the config file and makes them
available to the application via the 'argc' and 'argv' arguments of the
'main()' function. The configuration syntax looks like this:
<config>
<arg value="...">
<arg value="...">
...
</config>
The 'value' attribute of the first <arg> node becomes 'argv[0]' and so on.
Fixes#184.
With this patch GDB monitor provides a 'config' file to the target. Its
content can be defined in the <config> sub node of the <target> XML node.
Fixes#179.
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
The new 'swap' and 'realloc' functions are needed in scenarios where
'Attached_ram_dataspace' is used to implement double buffering. The
particular use case is the implementation of dynamic ROM sessions.