This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an ernno EEXIST syscall error.
Issue genodelabs#4104
This commit introduces a fix for lx_fs to propagate errno EEXIST error.
This prevents vfs <import overwrite="false"> to overwrite an imported
file, if it already exists, without the overwrite flag set to true.
Issue genodelabs#4104
The former implementation called 'TRACE_AND_STOP' which led to the
'usb_host_drv' to stop whenever such a function was called. Rather
than stopping return '0' and let the contrib code deal with this
situation.
Issue #4116.
This commit backports the Linux upstream commit (d4a6106) [*]
that introduces a check to prevent the sglist from being used
unconditionally.
[*] 'xhci: fix bounce buffer usage for non-sg list case'
Fixes#4116.
Unconditionally setting MAKEFLAGS to just 's' is not nice because other
flags cannot be passed through the run script. What the script desires
is to disable the automatically enabled '--print-directory' for sub-make
instances when calling tool/port/current by declaring
'--no-print-directory'.
Until now, Genode's Linux system call bindings were based on original
Unix system calls that were later superseded by more flexibile variants.
E.g., 'openat' is a modern version of 'open'. Even though Linux upholds
the compatiblity with the original versions for existing architectures
like x86, the legacy syscalls are absent for the recently added AARCH64
architecture. A good overview of the system calls accross the prominent
architectures can be found at
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
This patch updates Genode's syscall bindings to avoid legacy versions,
thereby easing the support for AARCH64. The used "modern" versions
were introduced back in Linux version 2 days. So we are fine to rely
on them.
The patch slightly changes the signature for lx_stat because this system
call is merely used to check for the existance of a file and its size.
The new name 'lx_stat_size' draws a closer connection to its use case.
That said, the stat syscall has not been updated to the modern statx
since statx is still a fairly recent addition.
Issue #4136
This patch simplifies the use of the clone system call for creating
processes and threads. Until now, the binding used an opaque pointer
argument to pass context information to the newly created process or
thread. However, upon close inspection, this is not a strict
requirement.
A newly created thread accesses its contextual information by
using its stack pointer as key. The pointer argument is not used.
The creation of processes is strictly serialized because the
intermediate stack used in-between clone and execve is a global
variable. Since we rely on the serialization anyway, we can pass the
context information of a new process via a global variable as well.
This change simplifies the syscall binding for the upcoming AARCH64
support, which would otherwise require us to deal with the notion
of TLS on Linux.
Issue #4136
With the update to GCC 10, the compiler stopped with an error when compiling
places where a MAC address is copied from outside into a packed object using
the Net::Netaddress::copy method (e.g. in
Net::Arp_packet::dst_mac(Mac_address)):
! error: writing 6 bytes into a region of size 4 [-Werror=stringop-overflow=]
While trying to find a clean solution for this error, I found posts on
gcc.gnu.org and github that stated that the size calculations that cause these
errors are incorrect. Indeed, I could verify that the actual size of the two
regions was static and exactly the same in places were the error occured.
Furthermore, I couldn't find a way of making it more clear to the compiler
that the sizes are the same. By accident, we found that using the address of
the first element of the array that forms the second region instead of the
array address itself, somehow circumvents the error.
Fixes#4109
With the update to GCC 10 the compiler used to warn when using the internet
checksum functions on packet classes (like in
Net::Ipv4_packet::update_checksum):
warning: converting a packed ‘Net::[PACKET_CLASS]’ pointer
(alignment 1) to a ‘const uint16_t’ {aka ‘const short
unsigned int’} pointer (alignment 2) may result in an
unaligned pointer value
Apparently, the 'packed' attribute normally used on packet classes sets the
alignment of the packet class to 1. However, for the purpose of the
internet-checksum functions, we can assume that the packet data has no
alignment. This is expressed by casting the packet-object pointer to a pointer
of the new packed helper struct 'Packed_uint16' that contains only a single
uint16_t member before handing it over to the checksum function (instead of
casting it to a uint16_t pointer).
Ref #4109
The NAT feature of the NIC router used to prefer re-using source ports that
have been freed recently. From an external server's perspective, if a client
dies and restarts, chances are high that the new connect arrives with the same
source-IP/source-port as the old connection. The server has to forcefully reset
the connection. If that happens a lot, the server may even start to ignore
further connections from this IP/port combination for a while as a mitigation.
This patch adds a continuous counter feature that makes sure that every new
port allocation will increment and result in a port that hasn't been used for a
long time.
The NAT feature of the nic_router is now more in line with RFC 6056 chapter 4.
Ref #4086
pthread.0 acquires a write buffer mutex and calls potentially
blocking fs operations. The EP thread handles session requests and tries to
acquire the same write buffer lock. IO progress events for pthread.0 are
handled by the EP thread, which however is blocking on the write buffer mutex.
The commit uses two write buffers, one which is filled by the EP and a second
which is used by pthread.0. The two buffers are swapped protected by a mutex
without invoking blocking fs operations.
Issue #4095
The exec_terminal generates a config report which is used as input ROM for
sandbox/init, which does not support an "<empty>" node.
An empty config node is empty, without an node.
Issue #4095
Was still using the event_filter.config from drivers_interactive-pc
although a dedicated file is present in the raw archive.
The fix is just for consistency reasons, as sculpt manager is generating the
event_filter.config anyway.
KEY_UNKNOWN is a collective symbols for all unknown keycodes.
Remapping thus requires iterating through all corresponding codes
instead of only applying the policy to the first match.
Issue genodelabs#4069
This patch increases the RAM quota of the top-level nitpicker instance
to 12 MiB so that resize operations can be buffered for resolutions up
to 2560x1080. It mutes diagnostic messages of the form "Warning: Gui
(...) not enough RAM to preserve buffer content during resize" and
improves the window-resize experience.
With this patch, the user is able to re-gain access to the inspect view
by toggling the inspect button of a file system unrelated to the failed
USB storage device.
Fixes#4090
Issue #3967
triggers using -O0 with test-libc_integration:
libc_integration/main.cc:146: undefined reference to `std::istream::operator>>(unsigned long&)'
contrib/stdcxx-80f380143250d4f951433876698b54fdac32b95f/include/stdcxx/std/thread:67: undefined reference to `vtable for std:🧵:_State'
Introduce a new _overflowed state variable to indicate whether the
horizontal boundary was reached already and to omit subsequent character
output.
This state is necessary to maintain a valid cursor position at all
times. The _overflowed attribute is reset once the cursor is moved into
a valid position again.
To harmonise the bounds checking for _cursor_pos modifications, the
`constrain()` method was added.
Fixesgenodelabs/genode#4093
Also fixes a bug in `vpa()` and `vpb()` which moved the cursor
horizontally instead of vertically.
The direct execution of application-level code by a watch handler is
troublesome because those handlers are executed at the I/O signal level.
In the concrete case, the watch handler got recursively called because
the handler called _handle_config (application-code), which called the
VFS, which in turn performed a wait_and_dispatch_one_io_signal, which
again invoked the watch handler.
The patch works around the problem by letting the watch notification
trigger the application-level signal for the _config_handler.
Fixes#4091
I created a test program which stresses the interplay between libc,
pthreads and vfs_pipe and may detect regressions.
The program starts a thread that spawns a bunch of workers, sends and
receives data to them through a pipe. When all data of a worker is
collected, the worker is finished (join()) and a new worker is started.
Both the number of bytes sent to the worker and the size of its
answer are random.
Issue #3967
* The device XML information dataspace is only provided,
when the client's policy states `info="yes"`
* The device XM information gets changed to include the
physical resource names (I/O memory and IRQ addresses)
instead of virtual ids and page offset
Fix#4077
As linux drivers may distinguish device configuration by pci subdevice id in
addition to the pci device id, the former must also be used for finding the
matching entry. Otherwise, e.g., the iwlwifi driver might load the wrong
firmware.
Side note: Add break statement to save superfluous iterations after
match was identified.
Fixes genodelabs#4076
This is a follow-up fix for "Streamline platform-device API on ARM".
There is an ambiguity of the 'local_addr' method between the inherited
'Attached_dataspace' and the local declaration, which results in the
double application of the sub-page Range::start.
Issue #4075
This compilation unit contains a global constructor, which violates our
assumption that the libc is free of global constructors on ARMv7.
Specifically, the graphical terminal fails with the following message:
[init -> terminal] Error: Component::construct() returned without executing
pending static constructors (fix by calling
Genode::Env::exec_static_constructors())
[init -> terminal] Error: Uncaught exception of type 'Linker::Fatal'
In this case, the libc-less terminal uses the VFS. The VFS mounts the
ttf VFS plugin. The ttf VFS plugin depends on the libc.
The compilation unit 'arm_initfini.c' can safely be excluded because it
merely initializes the global '_libc_arm_fpu_present' variable, which
is not used by the current version of our libc/libm.
Fixes#4080
This API rework eases the access to memory-mapped I/O registers and
interrupts when using the platform driver. It introduces the notions of
- Platform::Device - one device obtained from a platform session
- Platform::Device::Mmio - locally-mapped MMIO registers of a device
- Platform::Device::Irq - interface for receiving device interrupts
The patch touches several drivers. Some drivers would require a
significant structural change to adopt the new API (e.g., net/virtio,
dde_linux drivers, imx gpio). In these cases, the patch adds
compatibility shims meant to be temporary. In other cases (e.g., imx
i2c), the adaptation was simple enough to carry through.
Fixes#4075
This patch adjusts the matching of the IP address such that the external
IP address is used as opposed the the NAT-local address. It is follow-up
fix of the conversion to the uplink session interface.
Issue #3961
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.
issue #4071
This patch unifies the core-internal 'Mapping' type across all base
platforms.
As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.
Issue #2243
These messages pollute the boot log of Sculpt OS when ROM modules are
requested for files of the config fs before the sculpt manager has
created their first version.
When the own cap quota of a client does not suffice for a cap upgrade of
an existing session to a server, the client must issue a cap-resource
request to the parent. This logic was already in place for RAM quota but
was missing for cap quota.
Issue #4072
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.
fixes#4071
Apparently the skewed motion timings came from the issue fixed by
"timer: restore semantics of periodic timeout 0". With the current
version of the timer, the original motion parameters work just fine.
This patch extends the 'Platform_session::alloc_dma_buffer' interface
with a 'Cache' argument that corresponds to the argument accepted by
'Ram_allocator::alloc', which is used by the platform driver under the
hood.
Since the x86 platform driver used to be hardwired to allocate DMA
buffers as UNCACHED, I adjusted all drivers by specifying the UNCACHED
argument. Right now, this is needed as a hint for core to steer the
allocation of I/O page tables. Once we eliminate the need for such hints
(by introducing an explicit 'Region_map::attach_dma' operation), we can
revisit the drivers individually because cached DMA buffers should
generally be fine on the x86 architecture.
Issue #2243
This change avoids many repetetive Genode:: prefixes, making the code
easier to read. The patch also includes a few consistency fixes
regarding include guards and file headers. It also renames
Platform_device::String to Platform_device::Device:name.
Issue #2243
This patch adds the designated alternative to Dataspace::phys_addr to
the platform-session interface. Under the hood, the platform driver
still calls Dataspace::phys_addr but it should eventuelly become the
only caller before we can abolish this function.
Issue #2243
This commit optimizes the 'Child::resolve_session_request'
implementation by introducing an internal 'Route_model' for quickly
traversing routing rules instead of parsing XML on each session request.
Fixes#4068
