The main thread does no longer execute application code. It is solely
responsible for the initialization of the component's entrypoint and for
retrieving asynchronous notifications. Since the stack usage is no
longer dependent on application-specific code, we can significantly
shrink it to reduce the memory footprint of components. In the worst
case - should the stack overrun - we would observe a page fault because
the stack is placed in the stack area, surrounded by guard pages.
This patch replaces the former machine-word-dependent default stack size
by the fixed value of 64 KiB which should suffice for components on both
32 and 64 bit. Previously, the default stack size on 64 bit was 128 KiB,
which is wasteful. If a component needs more stack than 64 KiB, it can
specify a custon stack size by implementing 'Component::stack_size'.
The initial stack is solely used to initialize the Genode environment
along with the application stack located in the stack area. It never
executes application code. Hence, we can make it small. To check that it
is not dimensioned too small, the patch introduces a sanity check right
before switching to the application stack.
At least on foc_x86_64, nic_router refused to create sessions for the
test clients as the session object's size exceeds the old quota
donation.
Ref #2139
Both methods are now available for Ipv4_address as well as for
Ipv4_address_prefix. An IPv4 address is invalid if it contains zeros only.
An IPv4 address prefix is invalid if its address is invalid and its
prefix is 32.
Ref #2139
Instead of creating one socket and re-using it each test run because the
client shall also test the termination of pseudo-connections at components that
implement hole punching for UDP.
Ref #2139
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.
As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).
Fixes#2171
The log plugin can now be configured to request a log session with the
specified label like follows.
<log label="..."/>
Per default, no new log session is requested but the existing log
session of the component's environment is used.
The heap typically first tries to allocate larger chunks than necessary, and
if it fails the actual minimal one. The first attempt already triggers warnings
which are not critical at all. If the second (critical) allocation fails,
then there are additionally checks and warnings already in place.
Issue #1039
Trace_control dataspace gets destroyed implicitly when the cpu session is
closed. Remove the trace control dataspace from the internal noux dataspace
registry before cpu session destruction.
The code in Core's Cpu_session_component::create_thread might throw a
capability refernce-count overflow if one creates many threads, which would
kill core if not handled.
Ref #2120
This patch adjusts the various users of the 'Child' API to the changes
on the account of the new non-blocking parent interface. It also removes
the use of the no-longer-available 'Connection::KEEP_OPEN' feature.
With the adjustment, we took the opportunity to redesign several
components to fit the non-blocking execution model much better, in
particular the demo applications.
Issue #2120
This is a redesign of the root and parent interfaces to eliminate
blocking RPC calls.
- New session representation at the parent (base/session_state.h)
- base-internal root proxy mechanism as migration path
- Redesign of base/service.h
- Removes ancient 'Connection::KEEP_OPEN' feature
- Interface change of 'Child', 'Child_policy', 'Slave', 'Slave_policy'
- New 'Slave::Connection'
- Changed child-construction procedure to be compatible with the
non-blocking parent interface and to be easier to use
- The child's initial LOG session, its binary ROM session, and the
linker ROM session have become part of the child's envirenment.
- Session upgrading must now be performed via 'env.upgrade' instead
of performing a sole RPC call the parent. To make RAM upgrades
easier, the 'Connection' provides a new 'upgrade_ram' method.
Issue #2120
This data structure is meant as a safe alternative for a list wherever
the list is solely used to remember objects and iterate through them in
an unspecified order. One use case is the 'Service_registry'.
This data structure allows the association of objects with IDs. IDs are
kept in an AVL tree. So in contrast to a bit allocator, the ID space can be
sparsely populated and does not need to be dimensioned. The lifetime of
an ID is bound to an 'Element' object, which relieves the programmer
from manually allocating/deallocating IDs for objects.
Issue #2120
We preserve lower RAM for device drivers with physical memory
constraints. If no physical RAM constraint exists, the allocations above
3G (32-bit) or 4G (64-bit) are preferred.
Limit the number of generations to 4 to prevent hitting the
socket-descriptor limit on Linux. Also, all possible configuration
parameters for bomb our now customizable in the run script and the
current config is logged by bomb master.
The 'connected_scan_interval' config attribute specifies the scan
interval in seconds. The commit also removes the deprecated ram_fs
component from the test run script.
VirtualBox mainly derives the initial link-state for its device models
from checking the <Adapter ... cable="true"/> attribute. Our backend
only propagates the current state of the Nic session if it receives a
link-state signal. This may lead to problems if a guest detects a link
up state when it is actually down and wants to use the interface. The
backend now queries the Nic session and sets the link-state accordingly
when it is constructed.
In case there is no link do not attempt to submit a packet to the packet
stream but return with an error so that upper layers can handle it.
Enable signals for network on poweron and not already during
construction. The network model may be not yet ready to process incoming
signals and data.
Fixes#2117.
This fixes a regression on Ubuntu 16.04 (resp. Linux systems with recent
kernel versions) and address-space randomization originating from an
uninitialized relocation base of 0.
This patch is a preparation of the forthcoming async parent interface.
Note that this patch increases the size of connection objects.
Furthermore it adds a diagnostic message whenever a connection fails.
Issue #2166
Because of the session-argument buffering added to 'Connection' objects
when changing the parent interface to be non-blocking, the
'Device_component' has grown in size from 1.5 KiB to 5 KiB. The slab
allocator was configured with a block size of 4 KiB. So it does not work
with the grown 'Device_component' size.
Once the transition to the new API is completed (when we can remove the
buffering of session arguments from the 'Connection' objects), we may
revert this change.
Issue #2120
Unfortunately, the volatile object does not inherit the noncopyable
attribute of the enclosed object. By making all volatile objects
noncopyable, we prevent the accidental copying of a noncopyable object
wrapped in a volatile object.
This feature is not compatible with the forthcoming nonblocking parent
interface. The patch removes the use of feature in all places except for
the components of the demo repository, which will under go a redesign
anyway.
Issue #2120
Issue #2165
Replace 'dump()' debug utilities within Allocator_avl with Output::print
equivalents, and use the new Avl_tree::for_each utility to simplify
the implementation.
Ref #2159
Instead of using a somewhat incomplete module_param_named() macro,
which will influence other drivers, patch the driver that requires
this treatment.
Fixes#2169Fixes#2155
This overload covers the common case for initializing a string from a
literal without employing the 'Output' mechanism. This way, such
strings can by constructed without calling virtual functions, which in
turn makes the 'String' usable for the 'init_rtld' phase of the dynamic
linker.
This patch fixes a race condition triggered by the thread test running
on Linux inside VirtualBox. The 'test_stack_alloc' sporadically produced
one of two errors: A segfault in the 'Thread::deinit_platform_thread' on
the attempt to access the 'native_thread' of the to-be-destructed thread
(this data structure is located on the thread's stack). Or, an error
message about a region conflict within the stack area.
The problem was that two instances of 'Region_map_mmap' issued a
sequence of munmap and mmap each. Even though each instance locked the
attach/detach operations, the lock was held per instance. In a situation
where two instances performed attach/detach operations in parallel, the
syscall sequences could interfere with each other.
In the test scenario, the two region-map instances are the test's
address space and the stack area. When creating a thread, the thread's
trace-control dataspace is attached at an arbitrary place (picked by
the Linux kernel) within the address space whereas the stack is attached
at the stack area. The problem is the following sequence:
Thread A wants to destruct a thread:
1. Remove stack from stack area
(issue unmap syscall)
2. Preserve virtual address range that was occupied from the stack
so that Linux won't use it
(issue mmap syscall)
Thread B wants to construct a thread:
1. Request trace-control dataspace from CPU session
2. Attach trace-control dataspace to address space at a location
picked by the Linux kernel
(issue mmap syscall)
The problem occurs when thread B's second step is executed in between
the steps 1 and 2 of thread A and the Linux kernel picks the
just-unmapped address as the location for the new trace-control mapping.
Now, the trace control dataspace is mapped at the virtual address that
was designated for the stack of the to-be-created thread, and the
attempt to map the real stack fails.
The patch fixes the problem by replacing the former region-map-local
locks by a component-global lock.
Furthermore, it cleans up core's implementation of the support function
for the region-map-mmap implementation, eliminating the temporary
unlocking of the region-map lock during RPC.
Prepared for internal test machine, which has 8 logical cores.
6 Win7 64bit VMs are started, each having 2 vCPUs, using the same image and
different overlays. Changes to the VM are written to the overlays of ram_fs
and dropped after the test.
lCPU 0 : Genode base system and drivers
lCPU 1-2: VM1 2 vCPUs
lCPU 2-3: VM2 "
lCPU 3-4: VM3 "
lCPU 4-5: VM4 "
lCPU 5-6: VM5 "
lCPU 6-7: VM6 "
Fixes#2143
drm_framebuffer_remove takes care of references to CRTC pointers before
freeing up framebuffer object. Directly calling the destroy function may cause
dangling CRTC pointers pointing inside the framebuffer object.
Fixes#2140
Instead of solving the problem to deliver ROM modules to core while booting
differently for the several kernels (multi-boot, elfweaver, core re-linking),
this commit unifies the approaches. It always builds core as a library, and
after all binaries are built from a run-script, the run-tool will link an
ELF image out of the core-library and all boot modules. Thereby, core can
access its ROM modules directly.
This approach now works for all kernels except Linux.
With this solution, there is no [build_dir]/bin/core binary available anymore.
For debugging purposes you will find a core binary without boot modules, but
with debug symbols under [run_dir].core.
Fix#2095
The usb_drv must always check the device pointer in all session facing.
methods. A errorneous client can otherwise trigger a page-fault in the
driver.
Fixes#2133.
- use the correct memory free functions on errors
- report packet submit errors
- rename 'Usb::Packet_descriptor::transfer.timeout' as
'Usb::Packet_descriptor::transfer.polling_interval'
Fixes#2135
base generic code:
* Remove unused verbosity code from mmio framework
* Remove escape sequence end heuristic from LOG
* replace Core_console with Core_log (no format specifiers)
* move test/printf to test/log
* remove `printf()` tests from the log test
* check for exact match of the log test output
base-fiasco:
* remove unused Fiasco::print_l4_threadid function
base-nova:
* remove unused hexdump utility from core
base-hw:
* remove unused Kernel::Thread::_print_* debug utilities
* always print resource summary of core during startup
* remove Kernel::Ipc_node::pd_label (not used anymore)
base*:
* Turn `printf`,`PWRN`, etc. calls into their log equivalents
Ref #1987Fix#2119
The 11n mode can forcefully be disabled by setting the 'disable_11n'
attribute to 'true'. This is workaround for certain 6200 ABG cards
that apparently do not support this mode.
Fixes#2124.
Implementing this macro provides easy access to module parameters from
outside the contrib code, i.e. the driver frontend. For now it will be
solely used by the wifi_drv.
Issue #2124.
The default iPXE settings of 8 (RXD) and 16 (TXD) lead to issues when
AMT is enabled. In most other OS drivers those descriptors are set
to 256, let us do the same. This should fix all observed issues wrt.
AMT.
Fixes#2108.
* Supply Env to Input::Session_component
* Attach input event dataspace at Input::Client
* Process input events by lambda rather than pointer
* Supply Env and a label to Input::Connection
* Wm serves valid input_session to decorator
* Per-source signal handling at input_merger
* Base API update for dummy_input_drv, test_input
* Input API update for launcher, menu_view, terminal,
mupdf, sdl, seoul, virtualbox
Ref #1987
This patch makes the build-system integration of noux packages usable
for non-Noux targets. It moves the GNU build system wrapper to
ports/mk/gnu_build.mk, which is now included by noux.mk. This way,
non-noux applications can use the same build-system wrapper. So the
porting of individual applications becomes easier.
This change removes the 'NOUX_' prefix use the various build variables
used by the noux-pkg's target.mk files to steer the behaviour of the GNU
build system. E.g., NOUX_CONFIGURE_ARGS is now called CONFIGURE_ARGS.
Note that there is a single exception to this pattern: The formerly
named NOUX_LIBS is now called LDLIBS because the plain LIBS variable is
used by the Genode build system.
Fixes#2094
* Remove 'test' routine from kernel/core
* Move 'cpu_scheduler' and 'double_list' test to user-land
* Remove 'hw_info' target at all (can be recycled in a topic branch)
Kernel fails to lookup a capability it just got delegated, if
the backing store for the destination capability was before backed by a
zero-page. Triggers if PCID (64bit) is in use or in SMP setups.
Fixes#2101
When run with the '--autopilot' run option, the 'usb_hid.run' script tests
the input events generated by a 'Pro Micro' microcontroller board. Setup
instructions for the Pro Micro can be found in the run script.
Fixes#2087
The nic_router component can be used to individually route IPv4 packets
between multiple NIC sessions. Thereby, it can translate between
different IP subnets. The component supports port forwarding, as well as
the partitioning of the TCP and UDP port spaces.
Fixes#114
A run script to demonstrate the combination of the cpu_sampler, fs_log,
ram_fs and noux components for saving the sampled data in files and
accessing these in a Noux environment. When the script is run by the
autopilot, it will check if one of the generated sample data files
contains the correct instruction pointer. When the script is run
interactively, the generated files can be accessed from a Noux Bash shell.
Fixes#2078
In other contexts (IPv4) 'calc_checksum' merely returns a new checksum that is
then installed via 'checksum'. Thus, the UDP 'calc_checksum' that calculates AND
installs a new checksum is misleading.
Ref #114
Both, client and server now read their IP config from their Genode config.
Furthermore, the client now waits 4 instead of 2 seconds before sending the
first request to prevent connection fails in tests with a slow startup. The
client truncates its packet dump for better readability.
Ref #114
This patch adds the missing exception handling for depleted RM session
quotas. If core runs out of session quota while creating a new region
map, it now reflects this condition as a Region_map::Out_of_metadata
exception to the RM client. Thanks to Denis Huber for reporting the
issue!
Although the driver makes no use of interrupts it references Irq_handler
for unknown reasons. Moreover, this commit eliminates the lock that is
not necessary anymore, because the driver now runs single-threaded.
Ref #2072
* Unify uart drivers of different hardware drivers
* Remove deprecated IRQ activations
* Remove additional timer thread in Fiasco* KDB driver
* Move more generic UART definitions to specific supported
platforms (e.g.: pl011 -> pbxa9)
* Move internal definitions from global to local headers
Ref #1987Fix#2071
Use a seperate handle at each session.
Use SEEK_TAIL to append messages to files.
Increase packet buffer.
Refactor to component framework.
Fixes#1777
Issue #2060
This patch revives our ds_ownership test from 2012, which just revealed
a regression in core where the dataspace-free operation of the RAM
service would unconditionally destroy dataspace objects from foreign
sessions. The patch fixes the bug and adds an updated version of the
test to the autopilot.
Fixes#2065
The main feature for this version upgrade is the use of the instruction
emulator (IEM) to speed up execution and less often the slow recompiler.
issue #2059
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
Core on seL4 is configured to run on native hardware, so some static
allocators are bit over dimensioned. Some run scripts fail on qemu because
solely 64M are available in the system - adjust the affected scripts.
Issue #2044
The initial support reports TouchPointPressed, TouchPointMoved, and
TouchPointReleased for multiple touch points, but is currently only
tested with widgets not leveraging multi-touch events. In other words, I
made sure synthetic mouse events are generated properly when using touch
screens.
We now always run the input_merger as Input service provider and
configure backends suitable for the used platform. On x86 hardware, we
enable both, PS/2 and USB HID.
Required to boot on hardware. The fragmentation is such unfortunate with the
old allocator that alloc() will throw an exception during very early core boot
phase.
Issue #2044
- disable iommu
- increase root_cnode further for native boot
- support vesa driver on native hardware
- don't mask edge triggered ioapic irqs
- increase various allocators to get noux_tool_chain_* booting natively
Issue #2044
That seems nowadays the right place in order to tell the caller that the
thread couldn't be completely constructed. The return value false of
bind_thread causes in Cpu_thread_component the throwing of
Thread_creation_failed.
thread.run now passes
pthread.run now passes
Issue #2044
Additionally, exclude boot-module from page_table_registry. Core does not use
the boot-modules inside core.
Adding it otherwise to the registry will use up the meta data allocator of
the page_table_registry in core in scenarios with lot of boot modules,
e.g. noux and friends.
Issue #2044
- adjust syscall bindings to support -fPIC
- read serial i/o ports from BIOS data area
- use autoconf.h provided by sel4
-- to avoid ambiguity between sel4 kernel and user libraries
-- remove manual set defines
- remove debug messages
- increase user virtual area to 3GB
Issue #1720
Issue #2044
and show some message about. On sel4 sometimes exceptions are thrown and no
message is shown, it just seems to hang. With this patch at least you get
an idea that something bad happened.
Issue #2044
- remove special handling from base-nova
- add to rpc_server where it actually should be applied to
- required to work for sel4 cancel_blocking
Issue #2044
Now, we support multi-touch devices generating multi-touch events and
absolute-pointer devices simultaneously with multitouch="yes". Still,
multitouch="no" generates emulated absolute-pointer events for
multi-touch devices.
Add option to load the initial overlay*.vdi from disk, but keep the changes
in a ram_fs.
Used with AHCI model for vbox_auto_win7. Currently we have no way to tell
rump_fs to unmount and write back data to disk before resetting the machine.
On MVM only the initial scanning of APs works. If wpa_supplicant changes
from triggered scans to the scheduled-scanning hardware feature no
further scan results are reported. Therefore, we disable the
scheduled-scanning hardware feature until the issue is fixed.
Issue #2046
When running the same kernel in a VM as on the host system and the
kernel boot message from the VM appears on the log output, the run tool
assumes that the host machine has rebooted unexpectedly. With this
commit, an unexpected reboot is assumed only if the kernel boot message
appears at the beginning of a line. On base-hw, we enforce a line feed
at the beginning of the boot message as the SPIKE emulator log starts
with the first message of the kernel lacking a line feed.
Fixes#2041
Thread stacks with less than 4K usable space are insufficient for our
implementation of Linux exception signal handling. If such a unusually
small stack overflows the SIGSEGV handler will not be able to print the
diagnostic message leaving no hint of the cause of the stuck process.
The linker scripts are known to reside in BASE_DIR. By using them
directly from this location instead of searching them in the
REPOSITORIES, we don't need to specify the repos/base as a repository in
order to link.
This patch handles x86_32 and x86_64 separately since this is the SPEC
value directly supplied to the package build tool. This way, we achieve
that a CROSS_DEV_PREFIX is defined for each supported argument.
This patch adds the methods 'sigh_ack_avail()' and
'sigh_ready_to_submit()', which are needed to build asynchronously
operating file-system clients.
Fixes#2023
Those headers implement a platform-specific mechanism. They are never
used by components directly.
This patch also cleans up a few other remaining platform-specific
artifact such as the Fiasco.OC-specific assert.h.
Issue #1993
Conveying the ROM filename as the final label element simplifies
routing policy and session construction.
Annotations by nfeske:
This commit also changes the ROM session to use base/log.h instead of
base/printf.h, which produced build error of VirtualBox because the
vbox headers have a '#define Log', which collides with the content of
base/log.h. Hence, this commit has to take precautions to resolve this
conflict.
The commit alse refines the previous session-label change by adding a
new 'Session_label::prefix' method and removing the use of 'char const *'
from this part of the API.
Fixes#1787
Session_label constructor now takes a bare string rather than a
serialized argument buffer.
Replace all instances of previous constructor with 'label_from_args'
function.
Issue #1787
This patch establishes the sole use of generic headers across all
kernels. The common 'native_capability.h' is based on the version of
base-sel4. All traditional L4 kernels and Linux use the same
implementation of the capability-lifetime management. On base-hw, NOVA,
Fiasco.OC, and seL4, custom implementations (based on their original
mechanisms) are used, with the potential to unify them further in the
future.
This change achieves binary compatibility of dynamically linked programs
across all kernels.
Furthermore, the patch introduces a Native_capability::print method,
which allows the easy output of the kernel-specific capability
representation using the base/log.h API.
Issue #1993
This patch alleviates the need for a Native_capability::Dst at the API
level. The former use case of this type as argument to
Deprecated_env::reinit uses the opaque Native_capability::Raw type
instead. The 'Raw' type contains the portion of the capability that is
transferred as-is when delegating the capability (i.e., when installing
the parent capability into a new component, or when installing a new
parent capability into a new forked Noux process). This information can
be retrieved via the new Native_capability::raw method.
Furthermore, this patch moves the functions for retriving the parent
capability to base/internal/parent_cap.h, which is meant to be
implemented in platform-specific ways. It replaces the former set of
startup/internal/_main_parent_cap.h headers.
Issue #1993
The static 'Thread::mystack()' function returns the stack boundaries of
the calling thread. It is useful when a thread uses a diffent stack than
the primary one.
Fixes#2037
When calling 'connect()' in nonblocking mode and the connection has been
established, don't call 'tcp_connect()' again, which would trigger an
assertion with the message 'tcp_connect: can only connect from state
CLOSED'.
Fixes#2039
