Commit Graph

547 Commits

Author SHA1 Message Date
Norman Feske
76e96e92cb nitpicker: avoid color bleeding
This patch improves the output of opaque pixels in the presence of an
alpha channel by adding a special case for the maximum alpha value.

Fixes #2831
2019-01-07 12:43:23 +01:00
Norman Feske
56cb1885bb decorator: make window-layout updates more robust
This patch improves the window decorators in the following respects:

* Strict warnings are enabled now.
* The use of the 'List_model' makes the application of window-
  layout changes more robust. This is particularly the case for
  the restacking of windows.
* Display-mode changes are now supported by both decorators.

Issue #3094
2019-01-07 12:33:57 +01:00
Josef Söntgen
108034b050 packet_stream: packets w/o payload are still valid
Packets whose data is stored within the Packet_descriptor itself
but not as payload, .e.g Usb::Packet_descriptor, are valid packets
after all. So loosen the packet valid check for zero-sized packets
is reasonable.

Fixes #3076.
2019-01-07 12:33:54 +01:00
Alexander Boettcher
85b998a4af os: nullpointer check in os/path.h
Issue #3022
2019-01-07 12:25:45 +01:00
Alexander Boettcher
dbeb1b82a9 os: avoid warning in ethernet.h
issued by clang/llvm static analyzer
2019-01-07 12:25:45 +01:00
Alexander Boettcher
aa03c4ce9f os: avoid garbage warnings in app/painter
Issue #3022
2019-01-07 12:25:45 +01:00
Alexander Boettcher
5572430ba5 os: avoid ambiguous warnings for vfs/server
between File_system and Vfs::File_system

Issue #3022
2019-01-07 12:25:45 +01:00
Emery Hemingway
9c7d5b2a66 Implement print and min/max for Microseconds and Milliseconds
Ref #3050
2019-01-07 12:25:42 +01:00
Emery Hemingway
a2bdcc68c2 Throw exception for invalid packets at packet streams
Some application code is dereferencing the pointer returned by
'packet_content' at packet streams without checking that it is valid.
Throw an exception rather than return a null pointer, except for
zero-length packets, which have somewhat implicit invalid content and
that we believe to be properly handled in all current cases.

The client-side of a packet stream cannot take corrective action if the
server-side is sending packets with invalid content, but the servers
that provide packet streams should catch this exception to detect
misbehaving clients.

Ref #3059
2018-11-29 11:54:29 +01:00
Johannes Schlatow
74f2954013 packet_stream: improve buffer alignment
The bulk buffer is now 64Byte-aligned so that the allocated
packets get aligned likewise (assumed the packet allocator uses an
appropriately aligned block size). This ensures that each packet
starts at a new cache line on common platforms.

Issue #3053
2018-11-29 11:46:02 +01:00
Christian Prochaska
fd7ab79fe0 vfs: implement 'complete_sync()' in 'Single_file_system'
Fixes #3047
2018-11-27 11:38:13 +01:00
Norman Feske
c60604062c decorator: improve robustness of window restacking
This patch improves the detection of new appearing top-most windows.
Such a window should prompt the decorator to bring the corresponding
nitpicker view(s) to the front of the view stack. The original
implementation relied on hints provided by the layouter (the 'topped'
attribute). With the patch, the decorator tracks the top-most window by
itself, which improves the robustness.

As a second improvement, the patch defers the destruction of windows to
the point when all other window operations are completed. This hides
intermediate states when replacing one window by another in one step,
which is typical for console-like scenarios. Hence, this patch should
eliminate flickering artifacts when switching from one virtual console
to another.

Issue #3031
2018-11-16 14:53:26 +01:00
Christian Prochaska
9a2af89c4e vfs: use correct enum values in 'Dir_file_system::open_composite_dirs()'
Fixes #2968
2018-09-13 15:21:11 +02:00
Josef Söntgen
0603481aaa terminal: remove upper character range check
The more constrained upper limit leads to ommitted characters like
umlauts.

Fixes #2957.
2018-09-03 17:07:00 +02:00
Emery Hemingway
2041f957da Terminal: improved handling of escape sequences
Add additional parsing modes to the sequence decoder to detect and
discard unhandled sequences for ECMA-48, DEC private, and Xterm.

Add new behavior for cursor movement, cursor hiding, character deletion,
and line-wrapping.

Fix #2923
2018-08-08 11:27:41 +02:00
Emery Hemingway
08b774e318 VFS: add an error to to the Sync_result enum
Sync errors can be used to indicate failed writes across the File_system
session.

Ref #2920
2018-08-02 14:36:49 +02:00
Sebastian Sumpf
037a0d6822 usb_drv: add isochronous packet support
Commit extents USB session an driver accordingly.

issue #2910
2018-08-02 14:36:46 +02:00
Christian Prochaska
b2f7a6a934 vfs_lxip: look up path in 'leaf_path()'
Fixes #2913
2018-08-02 14:36:43 +02:00
Christian Prochaska
e3005266b6 vfs: no 'handle_io_response()' in regular VFS functions
Calling 'handle_io_response()' in a regular VFS function (in contrast to a
post-signal hook) can cause problems if the caller of the VFS function holds
a lock which prevents the io response handler from returning.

With this commit, the user of the VFS becomes responsible for unblocking
threads which might be blocking after a failed 'queue_read()', 'queue_sync()'
or 'write()' call.

Fixes #2896
2018-08-02 14:36:43 +02:00
Emery Hemingway
c18bee3d5b Input::Binding for non-C++ language bindings
Quietly insert forward declaration of a Input::Binding class, and make
it a friend of Input::Event and Input::Session_client. This is to allow
non-C++ language bindings (Nim) to access private members by providing
their own implementation of the Binding class.

Fix #2889
2018-07-03 09:39:35 +02:00
Emery Hemingway
e8dc6c84a4 Add missing XML header to vfs/file_system.h
Ref #2870
2018-07-03 09:39:34 +02:00
Emery Hemingway
366913c146 ram_fs: unmark modification from nodes that have been synced
Removed the modified mark from handles that have been written to when
they are synced, otherwise a notification would be sent again when the
handle is closed.

Ref #2839
2018-06-29 10:44:54 +02:00
Norman Feske
87be50c542 os: add Expanding_reporter::generate(Xml_node)
This method allows for the verbatim reporting of an existing XML node.
2018-05-30 13:36:40 +02:00
Martin Stein
734d174f33 net: get rid of unused mac_from_string method
Issue #2815
2018-05-30 13:36:36 +02:00
Martin Stein
342bdaf4a2 net: generic ascii_to for Netaddress template
Issue #2837
2018-05-30 13:36:32 +02:00
Christian Prochaska
c5f1ac615c Usb::Packet_handler: avoid completion handler recursion
Fixes #2828
2018-05-30 13:36:20 +02:00
Emery Hemingway
29c08d4751 Fix types for VFS error printing
Ref #2793
2018-05-30 13:36:14 +02:00
Martin Stein
41dbad13e4 nic_router/nic_bridge: re-work Mac_allocator
The old MAC allocator had several drawbacks:

* the address base was a public static that could and must have been written
  directly from outside the class
* the in-use-flag array was based on unsigned values consuming 4 bytes each
  for only one bit of information
* it was a public header that we actually don't want to expose to all
  components but only to the few networking components
* it used the not-so-safe bit notation for integer members of GCC

The new version fixes all these drawbacks.

Issue #2795
2018-05-30 13:36:11 +02:00
Martin Stein
980f3e9c5c net: use Size_guard for packet-data accessors
Instead of handing over the maximum available size to the packet data
accessors, hand over a size guard that keeps track of the packets
boundaries.

This commit also moves the size-guard utilitiy header of Ping and NIC
Router to the include/net directory making it a part of the net library.
It applies the new approach to all net-lib users in the basic repositories.

Ping looses its configurability regarding the ICMP data size as this would
require an additional method in the size guard which would be used only by
Ping.

The size guard was also re-worked to fit the fact that a packet can
bring a tail as well as a header (Ethernet).

Issue #2788
2018-05-30 13:36:11 +02:00
Emery Hemingway
483d005350 VFS: detect root dir based on config node type
Ref #2782
2018-05-03 15:32:00 +02:00
Norman Feske
8e0cc44e24 terminal: preserve content during resize
This patch eliminates the flickering of the terminal during resize.
2018-05-03 15:31:59 +02:00
Emery Hemingway
0b980073c1 VFS: close handles via handle method
The using pattern 'handle->close' is less error prone than attempting
'handle->ds().close(handle)' or 'fs.close(handle)'.

Ref #2782
2018-05-03 15:31:57 +02:00
Martin Stein
11a297b557 net: consider tail of Ethernet frame
The Ethernet payload may be followed by padding of variable length and
the FCS (Frame Check Sequence). Thus, we should consider the value
"Ethernet-frame size minus Ethernet-header size" to be only the maximum
size of the encapsulated IP packet. But until now, we considered it to
be also the actual size of the encapsulated IP packet. This commit fixes
the problem for all affected components of the Genode base-repository.

Fixes #2775
2018-05-03 15:31:57 +02:00
Martin Stein
841d583678 net: implement Udp_packet::checksum_error
For checking the checksum of a UDP packet.

Issue #2775
2018-05-03 15:31:56 +02:00
Martin Stein
6b55790e73 net: use generic internet checksum
This reduces the redundant implementations of checksum calculation to
one generic implementation, makes the checksum interface conform over
all protocols, and brings performance optimizations. For instance,
the checksum is now calculated directly in big endian which saves us
most of the previously done byte-re-ordering.

Issue #2775
2018-05-03 15:31:56 +02:00
Martin Stein
373134c4e7 net: safer access to packet data
Replace packet method 'T *data' by the new methods 'T &reinterpret_data'
for parsing or modifying existing sub-protocol packets and 'T
&construct_at_data' for composing a new sub-protocol packet. This has
the advantage that, when composing a new packet, the default constructor
that zero-fills the packet is always called first.

Fixes #2751
2018-05-03 15:31:54 +02:00
Norman Feske
afcad2a968 os: new Input::Event representation
This commit changes the 'Input::Event' type to be more safe and to
deliver symbolic character information along with press events.

Issue #2761
Fixes #2786
2018-05-03 15:31:25 +02:00
Norman Feske
1f1302e185 terminal: use VFS-based font handling
This patch replaces the terminal's formerly built-in fonts with the new
VFS-based font handling.

To avoid the copying of the terminal's font configuration across run
scripts, this patch adds the new terminal/pkg runtime package, which
includes everything needed for instantiating a terminal: the actual
terminal component, the library dependencies (vfs_ttf, which in turn
depends on the libc), a font (bitstream-vera), and a reasonable default
configuration.

Fixes #2758
2018-05-03 15:31:17 +02:00
Norman Feske
0011dd1623 terminal: remove built-in keyboard layout handling
Fixes #2757
2018-04-19 13:38:34 +02:00
Norman Feske
8bcf540915 os: add Text_painter::Font::height method
Issue #2716
2018-04-19 13:38:33 +02:00
Norman Feske
0a72b37363 vfs: Simple::env::apply_config 2018-04-19 13:38:33 +02:00
Emery Hemingway
3c07860aad VFS: watch result is ERR_UNACCESSIBLE by default
Ref #2745
2018-04-19 12:38:50 +02:00
Emery Hemingway
97f50e8e15 VFS: dir fs Opendir must open at least one directory to succeed
Ref #2745
2018-04-19 12:38:50 +02:00
Emery Hemingway
82a683eccc VFS: construct file-systems using Vfs::Env object
Reduce the size and forward compatibility of VFS file-system
constructors by passing an object holding accessors for 'Genode::Env',
'Genode::Allocator', response handlers, and the root file-system.

Fix #2742
2018-04-19 12:38:27 +02:00
Martin Stein
f9af0e6f0c net: packed attribute for Icmp_packet 2018-04-10 13:03:26 +02:00
Martin Stein
ca1751528d net: utilities for DHCP parameter-request lists
Issue #2738
2018-04-10 11:20:49 +02:00
Norman Feske
9d233b73a3 nitpicker: improve 'Session::focus' handling
Nitpicker's 'Session:focus' call used to trigger a one-off focus change
at call time. This focus change did not pass the same code paths as a
focus change triggered by a "focus" ROM update, which led to
inconsistencies.

This patch changes the implementation of 'Session::focus' such that the
relationship of the caller and the focused session is preserved after
call time. Whenever the calling session is focused in the future, the
specified session will receive the focus instead. So 'Session::focus'
represents no longer a single operation but propagates the information
about the inter-session relationship. This information is taken into
account whenever the focus is evaluated regardless of how the change is
triggered.

This makes the focus handling in scenarios like the window manager more
robust.

Issue #2746
2018-04-10 11:20:47 +02:00
Martin Stein
6edf9ccf5a net: get rid of static constructors 2018-04-10 11:20:44 +02:00
Norman Feske
97317b0c95 terminal: change term caps from linux to screen
Fixes #2743
2018-04-10 11:20:43 +02:00
Martin Stein
f152e3e9d0 timeout: dequeue all pending alarms before reschedule
This fixes the problem that large timeouts, when rescheduled, are interpreted
to be from the last now_period instead of, what would be right, the next
now_period. This occured if there were multiple pending alarms at the head of
the queue and the reschedule of the first one was done with the other outdated
deadlines still in place.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
bfb96536da timeout: _setup_alarm calculates deadline itself
Instead of taking the absolute deadline of a timeout as argument from
outside (where it is calculated with a freshly requested now time), we
now take a relative duration as argument and calculate the deadline with
the scheduler-internal now time (which can be a little bit outdated).
This enables us to schedule timeouts without updating the internal now time
and thereby handle all pending timeouts.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
38dbd59d8a timeout: become independent of the Alarm framework
Integrate the code of the Alarm framework directly into the Timeout
framework.  The former Alarm-framework methods are all private to the
corresponding classes of the Timeout framework and get prefixed with
'_alarm__'. The latter avoids name clashes and makes it easier to
simplify the code later.

Issue #2704
2018-04-10 11:11:54 +02:00
Martin Stein
365bd347a6 net: ICMP protocol
Packet format and common utilities for the Internet Control Message
Protocol.

Issue #2732
2018-04-10 11:11:52 +02:00
Emery Hemingway
9c6b720ec1 Notification support for the VFS library
Add a new 'Vfs_watch_handle' type to the VFS interface. This handle type
will pass a handle context up through the I/O handler to the application
when a notification event occurs.

Watch support implemented for RAM and File_system plugins, all other
file-systems return WATCH_ERR_STATIC by default.

Test at run/fs_rom_update_ram and run/fs_rom_update_fs.

Fix #1934
2018-04-10 11:11:51 +02:00
Emery Hemingway
344d46ce78 Comparision operators for Genode::Path
Ref #1934
2018-04-10 11:11:51 +02:00
Emery Hemingway
8310a94843 os/path: const 'string' accessor
Ref #2160
2018-04-10 11:11:50 +02:00
Norman Feske
3778558608 os: reworked nitpicker_gfx/text_painter.h
This patch improves the `Text_painter` utility that is commonly used by
native Genode components to render text:

- Support for subpixel positioning
- Generic interface for accessing font data
- Basic UTF-8 support

Since the change decouples the font format from the 'Text_painter' and
changes the API to use the sub-pixel accurate 'Text_painter::Position'
type, all users of the utility require an adaptation.

Fixes #2716
2018-04-10 11:09:18 +02:00
Norman Feske
07cd0d5809 vfs: add 'Readonly_value_file_system'
This file system is meant as a building block for pseudo file systems
that host a directory of several small files where each corresponds to
an attribute of the pseudo file system.
2018-04-10 11:09:18 +02:00
Norman Feske
48c5707a0c vfs: relax root_dir argument of 'Dir_file_system'
By letting the 'Dir_file_system' accept an arbitrary 'File_system'
as root directory, we can use the 'Dir_file_system' as a building
block for creating other file-system types.
2018-04-10 11:09:18 +02:00
Norman Feske
b0b92e4ee2 vfs: pass root directory to plugins
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.

Fixes #2701
2018-04-10 11:09:17 +02:00
Norman Feske
d59d07b5e3 os: util/utf8.h for UTF-8 string handling
This patch adds a simple UTF-8 decoder at 'os/include/util/utf8.h'
along with a test at 'os/run/utf8.run'.

Fixes #2717, related to issue #2716
2018-03-27 13:44:27 +02:00
Norman Feske
579ca1063c os: support non-int coordinates in 'Point<>' 2018-03-27 13:43:09 +02:00
Emery Hemingway
013eb506a8 Vfs::Dir_file_system: do not use Vfs_handle for opening directories as files
The Dir_file_system uses static cast to convert handles from the
application to a plugin local type. For this reason, only the local
handle type may be returned from 'opendir' or 'open'. This fixes the
unexpected behavior when opening directories as files.

Fix #2533
2018-02-15 10:22:09 +01:00
Alexander Boettcher
e05a708024 os: reset packet_allocator members
Fixes #2632
2018-02-15 10:22:09 +01:00
Emery Hemingway
4a3fc21ada New watch handle mechanism for File_system session
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.

Test at run/fs_rom_update.

Ref #1934
2018-02-14 20:41:09 +01:00
Emery Hemingway
c7d0accac0 VFS: catch Out_of_ram and Out_of_cap exceptions
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.

Ref #2642
2018-02-14 20:41:07 +01:00
Norman Feske
8aa1e349fc terminal session: propagate resize events
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
2018-02-14 20:41:03 +01:00
Norman Feske
96a068f90a terminal: improve internal structure
This patch reorganizes the terminal's source code to become easier to
extend. It also enables the strict warning level.
2018-02-09 14:04:32 +01:00
Christian Prochaska
12c8e51071 terminal fixes
- handle line wraps in 'ech()'
- take (1,1) origin into account in 'hpa()' and 'vpa()'
- unify handling of SGR escape sequences of different lengths
- accept the '[?2004h' and '[?2004l' escape sequences (used by midnight commander)

Fixes #2671
2018-02-09 14:04:25 +01:00
Norman Feske
66a93d9199 os: add 'Expanding_reporter' to os/reporter.h
The 'Expanding_reporter' wrapper for the 'Reporter' eliminates
the burden of handling 'Xml_generator::Buffer_exceeded' exceptions
from components that generate reports.

Fixes #2655
2018-02-09 14:04:06 +01:00
Norman Feske
cde8163770 os: make 'Buffered_xml' util publicly available
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
2018-02-09 13:34:17 +01:00
Josef Söntgen
4009239328 vfs: skip synced file systems in complete_sync
Fixes #2606.
2018-01-17 12:14:43 +01:00
Martin Stein
fbd545ae70 net: remove unused enums
Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
4f1d43ce21 net: remove placement new operators
They are not used any more.

Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
f4a2d932e3 net: check packet data size in accessor
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).

Issue #465
2018-01-17 12:14:41 +01:00
Norman Feske
eba9c15746 Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:

* A class with virtual functions can no longer publicly inherit base
  classed without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Issue #465
2018-01-17 12:14:35 +01:00
Emery Hemingway
ed89f2f7f0 Add millisecond accessor to Genode::Duration value object
Add a 'trunc_to_plain_ms' method to Gende::Duration to make
millisecond-accurate timing safer and more convenient.

Ref #2335
2017-12-21 15:01:51 +01:00
Martin Stein
70c5c31ec9 nic_router: better warnings on bad DHCP requests
Be more descriptive about why the NIC router thinks that a DHCP request
sent to him is bad.

Issue #2534
2017-12-21 15:01:38 +01:00
Martijn Verschoor
8fe0a7514f Nic::Session_component: pass entrypoint in constructor
Added a new constructor that takes the entrypoint as constructor
argument. The original constructor retrieves the entrypoint from the
Genode environment. This does not allow to use a different entrypoint.
2017-12-21 15:01:33 +01:00
Christian Prochaska
dd98bd67a0 pointer: custom pointer shape support
Make the revised 'vbox_pointer' component the new 'pointer' component.

Fixes #2585
2017-11-30 11:23:22 +01:00
Norman Feske
40c9226bb9 os: add Color::print, enhance ascii_to<Color>
This patch adds a 'Color::print' method as counterpart to the 'ascii_to'
function. If the color is opaque (alpha is 255), its output has the form
"#rrggbb". If the color has a distinct alpha value, the output has the
form "#rrggbbaa". The new version of the 'ascii_to' overload for 'Color'
is able to deal with both forms.
2017-11-30 11:23:14 +01:00
Sebastian Sumpf
9c852c750a vfs: handle root directory explicitly
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.

Fixes #2569
2017-11-30 11:23:10 +01:00
Martin Stein
e87f63944f timeout: replace Duration operators by methods
void += (Microseconds) -> void add(Microseconds)
void += (Milliseconds) -> void add(Milliseconds)
bool < (Duration)      -> bool less_than(Duration)

Issue #2581
2017-11-30 11:23:09 +01:00
Martin Stein
26bcd439f7 timeout: fix bug in duration + duration testing
The += operator contained bugs. We now also do some tests on the Duration
type at the beginning of the timeout test.

Fixes #2581
2017-11-30 11:23:09 +01:00
Norman Feske
a255ffaee9 input: disarm obnoxious press/release events
This patch adds a sanity check to the Event::type accessor. If the key
code of a given PRESS or RELEASE event is out of the valid range, it
reports an INVALID event. This way, client side code does not need to
deal with such edge cases. E.g., on Lenovo notebooks, the ps2 driver
reports strange key events when pressing shift-pageup/pagedown,
violating the general assumption that there is a release event for each
press event. By flagging these events as INVALID, the client-side logic
stays intact.
2017-11-30 11:23:07 +01:00
Emery Hemingway
07b36573ea Restrict VFS Dir_filesystem allocations to 'opendir' only
Allocations made at the client-side of the VFS must be contained within
functions that may return errors indicating resource exhaustion.

Fix #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
a0c0f3d7c9 Print support for VFS errors
Ref #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
ca0c86e7af Enforce cap quotas at VFS server, increase initial File_system cap donation
Check at the VFS server that the capability cost of sessions do not
exceed the session quota donation. Raise the default initial capability
donation for File_system connections.

Fix #2553
2017-11-30 11:23:02 +01:00
Norman Feske
55dc3abf00 Move gems/bezier.h to util/bezier.h (in repos/os)
This way, os components (i.e., input_filter) can use it for nonlinear
interpolation.
2017-11-09 12:18:43 +01:00
Christian Prochaska
547cc06976 ram_fs: throw exception when unlinked node gets accessed
Fixes #2536
2017-11-09 12:18:05 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
50aba6f21b dhcp: support reading of some further option types
Client ID, maximum message size, IP lease time, and requested address.
All needed for the upcoming DHCP client.

Ref #2534
2017-11-06 13:57:21 +01:00
Norman Feske
dd5b03671d os: don't limit file-systems-session upgrades
The 'File_system::Connection' already performs an on-demand session
upgrade should the server report an 'Out_of_caps' or 'Out_of_ram'
condition. So file-system clients are normally relieved from handling
those exceptions. However, the upgrade was limited to two attempts per
operation (which amounts to 16 KiB). When using the Rump VFS plugin in
the VFS server, this amount does not always suffice. So the exception is
reflected to the client. I observed this problem as a message "unhandled
error" printed by fs_rom. This patch removes the upgrade limit such that
a greedy file-system server becomes iteratively upgraded until it stops
arguing or the client's RAM is exhausted.
2017-11-06 13:57:18 +01:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Christian Helmuth
f9b3c6d2cf Remove unused os/alarm.h include from loader 2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00