Executing the system call will change the input fds as a side-effect
because the select_in.fds and select_out.fds structure are part of a
union. Since the original select_in.fds content is needed afterwards
make a copy instead of using a reference.
Fixes#1809.
The main thread's UTCB, used during bootstrap of the main thread before
it allocates its context area, needs to be outside the virtual memory
area controlled by the RM session, because it is needed before the main
thread can access its RM session.
Fix#1804
This patch adds diagnostic messages during the label-policy application,
if no policy for the session label was found or if the domain configured
in the policy node does not exist.
When unblocking a thread in Semaphore::up() while holding the fifo meta-data
lock, it might happen that the lock holder gets destroyed by the one it was
unblocking. This happened for instance in the pthread test in the past, where
thread destruction was synchronized via a semaphore. There is no need to hold
the lock during the unblock operation, so we should do it outside the critical
section.
Fix#1333
Previously we used a pretty slow external clock source for the timer. This
resulted in such a low TICS_PER_MS value that the granularity wasn't
sufficient to find a setup with a precision better than 1 second error per
minute. Now we use the so-called High Frequency Reference Clock as input
with TICS_PER_MS=33333 and the timer precision is significantly < 1 second per
minute.
Fixes#1805
From our observations we can tell that the error should not exceed 4%.
However, there is no reasonable explanation by now why the test results
are less stable on these platforms. We have tried several things that
did not lead to an explanation or improvement:
* changing the timing parameters of the scheduler
* switching off SMP
* double-checking the speed of userland and kernel timers
Ref #1805
The test threads previously used a stack size independent from the machine
word width. Qemu was previously configured to provide 64Mb of RAM which isn't
sufficient for x86_64.
Ref #1805
Upgrading the quota of a PD session on HW always triggers a "Quota
exceeded" warning. To prevent unecessary debugging effort in the future,
we explain in an in-code comment that the warning is normal.
Ref #1805
Print result error and error tolerance per test result. Use TCL commands
'format' and 'abs'to simplify calculations in the conclusion part of the run
script.
Ref #1805
When capabilities are delegated to components, they are added to the UTCB of the
target thread. Before the thread is able to take out the capability id out of
the UTCB and adapt the user-level capability reference counter, it might happen
that another thread of the same component deletes the same capability because
its user-level reference counter reached zero. If the kernel then destroys the
capability, before the same capability id is taken out of all UTCBs, an
inconsitent view in the component is the result. To keep an consistent view in
the multi-threading scenario, the kernel now counts how often it puts a
capability into a UTCB. The threads on the other hand hint the kernel when they
took capabilities out of the UTCB, so the kernel can decrement the counter
again. Only when the counter is zero, capabilities can get destructed.
Fix#1623
On Linux the linker can now be loaded at arbitrary addresses, this became
necessary for newer kernel versions. The 'linux_arm' target is not supported.
Issue #1728
Former Native_config::context_area_virtual_base() was used to identify
the main, which is not desired as the Native_config is rather low-level
(almost private to the base libs). The commit uses a library constructor
to retrieve the main-thread Thread_base pointer, which can be used later
to distinguish main and other threads.
Likewise on the x86 branch, we have to remove all virtual memory ranges from the
virtual memory allocator that are used by one-by-one mappings of I/O regions
used by the kernel.
Fix#1797
If the injection of an event causes an EPT violation, the event must be
injected again. This commit implements the reinjection for the case that
the EPT violation can be resolved without involving the recompiler.
Fixes#1798
This reverts commit d8b95c263b.
Some clients might want to fiddle with the clients play position
(e.g. the mixer) within 'Audio_out::start()' and we might reset
it to an old value if we do it afterwards.
Fixes#1796.
Since all Audio_out server components loop over the packet stream
queue it is save to reset the tail position to one after the play
position. We have to do this because we do not know exactly when
the play position changes (i.e. the driver has processed the packet)
and we might end up with a tail position before the current play
position.
Issue #1796.
* Also change the way how mute is handled. Only send the
changed signal if the user has clicked on the mute checkbox
* Always check channels_rom is valid
* Add <default> handling
* Increase verbosity
Fixes#1795.
Instead of bailing out if the channel list is incorrect check config
node attributes and default settings first.
Being there also fix flawed LOG messages.
Fixes#1794.
* enable i915 driver from Linux 3.14.5
* tested for generation 5 till 8 GPUs
The driver can be configured at run-time via the config ROM. Every
connector of the graphic card can be configured separately using the
following syntax
<config>
<connector name="LVDS-11" width="1280" height="800" enabled="true"/>
</config>
Also, when enabled within the intel framebuffer driver configuration like
the following
<config buffered="yes"/>
a simple ram dataspace is propagated to the client and the driver
itselfs copies from that buffer to the framebuffer triggered via refresh
calls. This option is useful to alleviate tearing effects.
The driver distributes all available connectors of the graphic card and
their supported resolutions via a report. It looks like follows
<connectors>
<connector name="LVDS-11" connected="1">
<mode width="1280" height="800" hz="60"/>
...
</connector>
...
</connectors>
The driver distributes the report only if this is stated within its
configuration, like the following
<config>
<report connectors="yes"/>
</config>
Fix#1764
This patch unifies the mechanism of selecting server-side policies and
taking session-routing decisions based on session labels. In both cases,
XML nodes are scored against session labels. The score depends on the
XML attributes 'label' (exact match), 'label_prefix', and
'label_suffix'.
Issue #1766
* Provide paravirtualized block API for accessing the second partition
of the block device that is provided by the ESDHC driver.
* Provide paravirtualized serial API for sending log-output over Genodes
serial port.
* Use the latest Linux suggested in the USB Armory Wiki [1] when on USB Armory
while still using the older vendor Linux when on i.MX53 QSB. I.e.,
provide a device tree through RAM and a rootfs through the paravirtualized
block device when on USB Armory while providing ATAGs and Initrd when on
i.MX53 QSB.
* Switch on the LED on the USB Armory when the VMM catches a VM-exception
and switch it off again when as soon as the exception is handled. This
merely show-cases the ability to instrument the LED for such purposes. In an
ideal world, the LED is switched on as long as we're on the "Secure Side"
and switched off as long as we're not.
* For further information see repos/os/run/tz_vmm.run
[1] https://github.com/inversepath/usbarmory/wiki/Preparing-a-bootable-microSD-imageFixes#1497
On the USB Armory, we want to secure different devices than on other i.MX53
implementations. Thus, add a board specific configuration that is interpreted
by the kernel Trustzone initialization.
Ref #1497
Enhance the VM state, that can be accessed by a VMM, by a member
'unsigned irq_injection'. In Kernel::Vm::proceed check, whether
irq_injection is set. If so, check whether irq_injection is a
non-secure IRQ. If so, let the PIC raise this IRQ in the VM and reset
irq_injection.
Ref #1497
Move ADMA2 stuff to extra header and unit. Move ESDHCv2 implementations to
extra unit. Use exceptions instead of error codes. Clean-up documentation.
Ref #1497
The manual termination of multi-block writes via "Stop Transmission" commands
seems to leave the card in a busy state sometimes. This causes errors on
subsequent commands. Thus, we have to synchronize manually with the
card-internal state via "Send State" commands. Additionally, the method
for issuing the manual "Stop Transmission" commands was refined.
Ref #1497
We have to issue a data synchronization barrier after writing a ADMA2
table to ensure that the corresponding write commands were actually
executed before issuing the SD command.
Ref #1497
On i.MX53 QSB, a "Send Op Cond" command during the driver initialization
returns another response value than on the USB Armory. As the check for
this response seems to have no relevance for the driver functionality (Linux
reads the value from MMIO but I can't find a place in the source code where
it is used), we simply remove it.
Ref #1497
Previously, it was not necessary to acknowledge an IRQ initially before using
it. However, since the IRQ framework changed lately it is. Adapt to this.
Ref #1497
Notify client initially to enforce a client-side ROM update. Otherwise,
a server-side ROM update between session creation and signal-handler
registration would go unnoticed.
Issue #1788
This patch changes the decorator to always apply stacking-order changes
immediately instead of deferring the re-stacking of the nitpicker views
to the next call of 'update_nitpicker_views'. The deferred application
did not always work when more then one windows changed their stacking
position at once because the cached '_neighbor' values interfered with
each other.
The eager re-stacking should not have negative effects on the user
experience because, in contrast to re-positioning, re-stacking a rare
operation.
This change makes it possible to reuse the generic window decorator
classes in include/decorator/ for decorators of a different structure.
E.g., instead of painting decorations on a single nitpicker session,
each window may paint its decorations into additional window-specific
nitpicker sessions.
For each session upgrade performed by a wm client as part of the
Nitpicker::Connection::buffer function, the window manager wrongly
upgraded the wrapped nitpicker session twice: Once by handling the
Root::upgrade, and again by handling of the server-side 'buffer'
operation. Here, the 'buffer' operation was implemented by not merely
forwarding the RPC request to the wrapped nitpicker session but by
calling the 'buffer' method on the wrapped session's connection
object, which implictly issues session upgrades. Consequently,
the window manager would transfer twice the amount of the session
upgrades it received by its clients to nitpicker and eventually ran
out of memory.
The patch fixes the problem by eliminating the call of the
Nitpicker::Connection::buffer method and instead merely forward the RPC
requests to the wrapped nitpicker sessions.
The original version of the icon painter would reach beyong the
texture boundaries for textures of even width and height, and when
painting an icon with the width or height of the texture.
In this case, p3 would be set to the same value as p2. However, the code
expects p3 to lie within the middle rectangle. However, in this corner
case, the middle rectangle is actually empty. So no pixel can lie within
it. Hence, p3 is positioned by one pixel to the left outside the middle
rectangle, which violates the assumptions when calculating the clipping
and texture offsets. The patch fixes the problem by reducing the size of
the right column by one pixel. This ensures that exists always a
non-zero middle rectangle.
In the event where a nitpicker session's quota was depleted by the
allocation of view handles, nitpicker would abort. The patch prevents
the abort by reflecting this condition as an Out_of_metadata exception
to the client. This way, the client can upgrade its session as needed.
The problem was triggered by running the decorator_stress test (changed
to generate 40 windows) with the themed_decorator.
This patch addresses the corner case that the specified neighbor view
is the first view of the view stack. If this is the case when inserting
the view in front of the neighbor (behind == false), the target position
within the view stack must be a null pointer, not the first view.
Because the conditions have become rather complicated, both cases
of 'behind' are handled separately now.
'block_for_signal' and 'pending_signal' now set pending flag in signal context
in order to determine pending signal. The context list is also used by the
'Signal_receiver' during destruction.
Fixes#1738
Instead of just red messages in the log and a hanging caller, the issuer
may respond to it - e.g. a noux bash shell will show an error and is
afterwards still usable.
Fixes#1778
Accidentally removed by #1658. We need to make the cleanup call for server
objects - otherwise we may get in capability identifier re-use trouble.
Issue #1778
The notion of a channel is shared by the mixer backend as well as the
frontend. To make dealing with reports between those easier move the
Channel definition to a global header.
Issue #1770.
This effectively enables configuring builds with -O0 for rump sources.
Note, if the build directory is not clean, at least var/libcache/rump*
should be removed before building with changed etc/tools.conf.
The test performs several rounds of write-read cycles with the following
configuration attributes in a <write-read> config node
rounds determines the number of rounds (default is 4)
size determines the number of bytes written/read in one round
(default is 4 MiB)
buffer_size determines the size of the write-read buffer
(default is 32 KiB)
In one round the test writes and reads "size/buffer_size" times
from/into a buffer_size'd buffer.
Related to #1765
Instructions:
1. Create a file in terminal one in the 'ram' directory
! echo "test" > ram/test
2. Second terminal
! tail -f ram/test
3. First terminal
! echo "Meaningless output" >> ram/test
4. Observe second terminal
The pthread object for the main thread initializes its 'Thread_base' base
class part with a reference to the 'Thread_base' object of the Genode main
thread. Therefore the pthread object for the main thread should never be
destroyed, as this would also destroy the Genode 'Thread_base' object.
Fixes#1760
Trapping rdtsc creates a huge load in some guests, e.g. Windows 8.1,
that use this instruction very frequently. This influences audio
playback/recording in a bad way (distorted sounds, …). As a interim
solution disable the virtualization of rdtsc completely. As long
as each guest VM runs on its own CPU core it should be fine as there
should not be that much interference (TSC warping).
That being said, TSC offsetting as well as adjusting within vbox have to
be evaluated.
Fixes#1768.
The RAM quota currently dedicated to the wm and decorator components in
the 'qt5_common.inc' file is too low for a window of size 1920x1080.
Fixes#1761
- Align implementation to the current generic implementation
- Document NOVA-specific implementation of dataspace() (as in the
original commit message)
This patch, complements the existing vbox layout with a hbox layout and
improves the response to dynamic dialog updates. The new version support
disappearing widgets and the reordering of widgets. Furthermore, this
patch ensures that the 'Widget::_layout' functions are executed after
updating a new version of the dialog.
This patch ensures that focus changes performed via the Session::focus
call are made effective the next time, the user is idle. Previously,
focus changes during drag operations were simply discarded.
strip_last_element at Path removes everything after the trailing slash,
which causes lookup failures at the VFS server when opening directories.
Issue #1648
Throw Invalid_name, No_space, and Out_of_node_handles where appropriate.
Catch the new range of errors thrown by at the VFS.
Catch Out_of_node_handles at the VFS, but print a message and re-throw.
Issue #1648
This patch introduces a shortcut for conditional session routes of the
form '<if-arg key="label" value="..."/>'. With this change, the label
can be directly specified as 'label' attribute of an '<any-service>' or
a '<service>' node. The '<if-arg>' mechanism was not documented anyway
and I hope to be able to ultimately remove it.
Don't skip the cleanup call if a pager object is marked as blocked.
It happens that the pager_object is in destruction but it is also used
concurrently by the pager thread. The pager thread handling code may set the
pager object to blocked but still uses the pointer to the pager object. Avoid
locking at the state of the pager object and make the cleanup call everytime.
Error output looks like this, where the pf_ip is within
void Pager_object::_page_fault_handler(addr_t pager_obj)
method and the pf_addr is the stale pointer to the already released pager_object.
no RM attachment (READ pf_addr=xxx pf_ip=xxx from 00 <NULL>)
static void Genode::Pager_object::_page_fault_handler(Genode::addr_t): page fault, thread '<NULL>', cpu x, ip=xxx, fault address=xxx
PAGE-FAULT IN CORE (READ pf_addr=b10e0090 pf_ip=132dbc from 00 <NULL>)
Currently, when a signal arrives in the main thread, the signal dispatcher is
retrieved and called from the main thread, the dispatcher uses a proxy object
that in turn sends an RPC to the entry point. This becomes a problem when the
entry point destroys the dispatcher object, before the dispatch function has
been called by the main thread. Therefore, the main thread should simply send an
RPC to the entry point upon signal arrival and the dispatching should be handled
solely by the entry point.
Issue #1738
* use '_dma_ext' or '_fdpma' commands
* handle interrupts depending on mode of operation
* spelling fixes
* move ATA 'Idendity' struct to ata header
issue #1734
- we claim to have no limits on file handles and number of threads
- remove obsolete Thread_base::myself fall-back code for stack size calculation
Issue #1733.
Too less memory quota for a PD may be calculated, which leads to too early
punishment for a Genode process.
Discovered during Turmvilla scenario #1552 and issue #1733.
Additionally print warnings about unavailable CPUs if they are tried to be
used during pager object setup.
Discovered during Turmvilla scenario #1552 and issue #1733.
threads with prio 0 will not be started and would fail silently.
Happened on Turmvilla for the USBProxy thread in virtualbox.
Discovered during Turmvilla scenario #1552 and issue #1733.
Reduces kernel log message noise when running on kernel-debug branch.
Additionally add a more verbose core message.
Discovered during Turmvilla scenario #1552 and issue #1733.
Under some circumstances, the diagnostic message in the exception signal
handler was not printed. This could happen due to a dead lock in the
console library if the console code itself produces the exception while
possessing the mutex, e.g., by exhausting a undersized stack. Now, we
directly write to the log session via the stdout_write() hook or use
raw_write_str() in core.
This patch improves the decorator in two ways. First, it enables the
assignment of window colors depending on the window labels. This
configuration can be changed dynamically. Second, it adds the handling
of window controls for closing, maximizing, minimizing windows.
Issue #1689Fixes#1688
This patch supplements the existing focus reports with the new attribute
'active', which indicates recent user activity when set to "yes". This
information is consumed by the clipboard to dynamically adjust its
information-flow policy depending on the user activity.
Issue #1712
This patch moves the formerly internal classes of the report-ROM service
to the public location os/include/report_rom/ so that they can be reused
by other components such as the upcoming clipboard.
This overload of the value member eases the retrieval of Genode::String
objects from XML attributes. So we won't need to deal with C-style
character buffers anymore.
The utilities in os/session_policy.h used to be tailored for the
matching of session arguments against a server-side policy
configuration. However, the policy-matching part is useful in other
situations, too. This patch removes the tight coupling with the
session-argument parsing (via Arg_string) and the hard-wired use of
'Genode::config()'.
To make the utilities more versatile, the 'Session_label' has become a
'Genode::String' (at the time when we originally introduced the
'Session_label', there was no 'Genode::String'). The parsing of the
session arguments happens in the constructor of this special 'String'.
The constructor of 'Session_policy' now takes a 'Genode::String' as
argument. So it can be used with the 'Session_label' but also with other
'String' types. Furthermore, the implicit use of 'Genode::config()' can
be overridden by explicitly specifying the config node as an argument.