Check if the binary pointer is valid before attempting to lookup the
symbol. Shared objects with unresolved symbols and missing depencies,
e.g a library that references 'errno' but is not linked against libc,
will now produce an error message when they are loaded by the dynamic
linker.
Fixes#1904.
This patch moves details about the stack allocation and organization
the base-internal headers. Thereby, I replaced the notion of "thread
contexts" by "stacks" as this term is much more intuitive. The fact that
we place thread-specific information at the bottom of the stack is not
worth introducing new terminology.
Issue #1832
The interfaces linux_cpu_session, local_capability, linux_dataspace,
linux_native_pd are mere implementation necessities. They are meant for the
internal use by the framework only. So it is appropriate to move them to
base/internal/.
Issue #1832
On seL4 and L4/Fiasco, we employ a simple yielding spinlock as lock
implementation. Consequently these base platforms used to have a
simplified header. However, since the regular cancelable_lock has all
the member variables needed to implement a spinlock, we can simply use
the generic header on those two platforms too, just leaving some other
parts of the generic header unused. So at API level, the difference is
not visible.
Issue #1832
By moving the stub implementation to rm_session_client.cc, we can use
the generic base/include/rm_session/client.h for base-linux and
base-nova and merely use platform-specific implementations.
Issue #1832
This patch establishes a common organization of header files
internal to the base framework. The internal headers are located at
'<repository>/src/include/base/internal/'. This structure has been
choosen to make the nature of those headers immediately clear when
included:
#include <base/internal/lock_helper.h>
Issue #1832
This patch integrates the functionality of the former CAP session into
the PD session and unifies the approch of supplementing the generic PD
session with kernel-specific functionality. The latter is achieved by
the new 'Native_pd' interface. The kernel-specific interface can be
obtained via the Pd_session::native_pd accessor function. The
kernel-specific interfaces are named Nova_native_pd, Foc_native_pd, and
Linux_native_pd.
The latter change allowed for to deduplication of the
pd_session_component code among the various base platforms.
To retain API compatibility, we keep the 'Cap_session' and
'Cap_connection' around. But those classes have become mere wrappers
around the PD session interface.
Issue #1841
This patch removes the SIGNAL service from core and moves its
functionality to the PD session. Furthermore, it unifies the PD service
implementation and terminology across the various base platforms.
Issue #1841
This patch removes the support for executing subsystems of CLI monitor
within the GDB monitor. There are multiple reasons: First, the feature
remained unused for multiple years. Second, it relied on the base/elf.h
header to determine whether the started binary is dynamically or
statically linked. This header, however, is going to be removed from the
Genode API. Third, the feature will eventually break with the upcoming
changes of how components are bootstrapped. Finally, there is the plan
to turn CLI monitor into a sole front end of a dynamically configurable
init component. Once we pursue this plan, we'd need to reconsider the
GDB support anyway.
Issue #1832
The commit avoids the need to have contrib sources of the kernel
available for this run script. We actually just want to build core and
not the kernel itself, which is always required after recent changes in
the ports tool.
This is the default optimization level in the original seL4 SDK. By
adapting to O3, we work around a bug [1] in version 2.1.0 that only
shows on low optimization levels.
[1] https://github.com/seL4/seL4/issues/20
Previously, ports that were needed for a scenario and that were not
prepared or outdated, triggered one assertion each during the second
build stage. The commit slots a mechanism in ahead that gathers all
these ports during the first build stage and reports them in form of a
list before the second build stage is entered. This list can be used
directly as argument for tool/ports/prepare_port to prepare respectively
update the ports. If, however, this mechanism is not available, for
example because a target is build without the first build stage, the old
assertion still prevents the target from running into troubles with a
missing port.
Fixes#1872
The gnat and gprbuild tools are not necessarily in the PATH when
preparing the port since the effective location is specified by the
--image-muen-gnat-path RUN_OPT.
This patch updates seL4 from the experimental branch of one year ago to
the master branch of version 2.1. The transition has the following
implications.
In contrast to the experimental branch, the master branch has no way to
manually define the allocation of kernel objects within untyped memory
ranges. Instead, the kernel maintains a built-in allocation policy. This
policy rules out the deallocation of once-used parts of untyped memory.
The only way to reuse memory is to revoke the entire untyped memory
range. Consequently, we cannot share a large untyped memory range for
kernel objects of different protection domains. In order to reuse memory
at a reasonably fine granularity, we need to split the initial untyped
memory ranges into small chunks that can be individually revoked. Those
chunks are called "untyped pages". An untyped page is a 4 KiB untyped
memory region.
The bootstrapping of core has to employ a two-stage allocation approach
now. For creating the initial kernel objects for core, which remain
static during the entire lifetime of the system, kernel objects are
created directly out of the initial untyped memory regions as reported
by the kernel. The so-called "initial untyped pool" keeps track of the
consumption of those untyped memory ranges by mimicking the kernel's
internal allocation policy. Kernel objects created this way can be of
any size. For example the phys CNode, which is used to store page-frame
capabilities is 16 MiB in size. Also, core's CSpace uses a relatively
large CNode.
After the initial setup phase, all remaining untyped memory is turned
into untyped pages. From this point on, new created kernel objects
cannot exceed 4 KiB in size because one kernel object cannot span
multiple untyped memory regions. The capability selectors for untyped
pages are organized similarly to those of page-frame capabilities. There
is a new 2nd-level CNode (UNTYPED_CORE_CNODE) that is dimensioned
according to the maximum amount of physical memory (1M entries, each
entry representing 4 KiB). The CNode is organized such that an index
into the CNode directly corresponds to the physical frame number of the
underlying memory. This way, we can easily determine a untyped page
selector for any physical addresses, i.e., for revoking the kernel
objects allocated at a specific physical page. The downside is the need
for another 16 MiB chunk of meta data. Also, we need to keep in mind
that this approach won't scale to 64-bit systems. We will eventually
need to replace the PHYS_CORE_CNODE and UNTYPED_CORE_CNODE by CNode
hierarchies to model a sparsely populated CNode.
The size constrain of kernel objects has the immediate implication that
the VM CSpaces of protection domains must be organized via several
levels of CNodes. I.e., as the top-level CNode of core has a size of
2^12, the remaining 20 PD-specific CSpace address bits are organized as
a 2nd-level 2^4 padding CNode, a 3rd-level 2^8 CNode, and several
4th-level 2^8 leaf CNodes. The latter contain the actual selectors for
the page tables and page-table entries of the respective PD.
As another slight difference from the experimental branch, the master
branch requires the explicit assignment of page directories to an ASID
pool.
Besides the adjustment to the new seL4 version, the patch introduces a
dedicated type for capability selectors. Previously, we just used to
represent them as unsigned integer values, which became increasingly
confusing. The new type 'Cap_sel' is a PD-local capability selector. The
type 'Cnode_index' is an index into a CNode (which is not generally not
the entire CSpace of the PD).
Fixes#1887
Use the new Sinfo::get_dev_info function to retrieve device information
in the platform-specific get_msi_params function. If the requested
device supports MSI, set the IRQ and MSI address/data register values to
enable MSIs in remappable format (see VT-d specification, section
5.1.2.2).
Currently only one MSI per device is supported as the subhandle in the
data register is always set to 0.
The new Sinfo::get_dev_info function can be used to retrieve information
for a PCI device with given source-id (SID). The function returns false
if no device information for the specified device exists.
The platform-specific get_msi_params function returns MSI parameters for
a device identified by PCI config space address. The function returns
false if either the platform or the device does not support MSI mode of
operation.
Extend the base-hw Irq_session_component class with _is_msi, _address
and _value variables required to support MSI mode of operation.
Return MSI configuration in info() function if _is_msi is set to true.
Enable the ACPI functionality in the platform_drv on hw_x86_64_muen and
provide a simple generated XML report as ROM session in order to make
the PCI configuration space available.
This is a requirement to implement support for MSI on hw_x86_64_muen.
In addition to now using the framework the playback is triggered by a
timer. For now it is a periodic timer that triggers every 11 ms which
is roughly the current Audio:out period (*).
The driver now also behaves like the other BSD Audio_out driver, i.e,
it always advances the play pointer. That is vital for the Audio_out
stack above the driver to work properly (e.g. the mixer).
(*) It stands to reason if it would be better to use the async ALSA
timer interface instead of using the Timer session.
Fixes#1892.
For some reason 'os/config.h' is imported through 'launchpad.h', when linking an
undefined symbol ('Genode::config') is produced, which actually should not
happen.
This commit adds rocket core on the Zynq FPGA support to base HW. It also takes
advantage of the new timer infrastructure introduced with the privileged 1.8 and
adds improved TLB flush support.
fixes#1880
The wrapper functions (e.g., 'Unwind_*' and friends) now have the same signature
as the original function in 'libgcc', reside in a separate C file which is
archived to cxx.lib.a. In supc++.o we prefix the wrapped functions with '_cxx_'.
This also enables support for riscv.
related to #1880
This driver uses the Usb session interface and provides a Block session
to its client. See _repos/os/src/drivers/usb_block/README' for more
information.
Fixes#1885.
Instead of only hardcoding "hw" read 'alsa_device' attribute from the
config node to determine the proper playback device. The default value
is still "hw" in case the attribute is not present.
Fixes#1884.
This patch removes a superfluous resize request at the creation time of
a new window, which resulted from _requested_size being initialized with
zero whereas the _geometry was initialized with the actual window
geometry. In some cases, this inconsistency led to the report of a new
resize request for the size 0x0, which is obviously wrong. I.e., it
leads clients to believe that the user has closed the window.
This patch resets the part of the window state that is responsible the
dragging of window controls once the drag operation is finalized.
Without it, the window was wrongly positioned when leaving the maximized
state after a previous resize operation.
This patch adds support for manipulating the window layout with keyboard
actions. It supports the toggling of fullscreen (aka maximize), the
raising of the currently focused window, and the focusing the next/previous
window.
This patch adds the mechanics for detecting key sequences to the window
layouter. Sequences for layouter actions can be expressed in the
layouter configuration. They cannot trigger any real action yet.
This patch weakens the themed decorator's demands with respect to the
supplied theme data. It no longer strictly requires the specification of
the '<closer>', '<title>', and '<maximizer>' nodes and the accompanied
png/tff data. Furthermore, the default.png can be left out if both decor
and aura have a size of zero.
This patch enhances the layouter to apply a label-dependent policy
for the placement of new windows. The policy may contain the
attributes 'xpos', 'ypos', and 'maximized'. If the latter is set
to "yes", the matching window will appear in maximized state.
This patch ensures that we never request a zero-sized virtual
framebuffer from nitpicker even when instantiating the object with zero
width or height. It therebu removes the burden of handling the resulting
invalid framebuffer dataspace from the user of the Nitpicker_buffer
utility.
The driver might end up in an endless loop on systems that do not
contain an i8042 controller when probing the AUX interface. This
leads to busy looping and in the end to not annoucing the Input
service. Components that wait for the announcement of the service
will therefore hang as well.
Normally a service gets announced only if it is usable but in this
case this is inconvient because it renders all scenarios that use
the input_merger non working on x86 systems that only provide USB
input and do not have PS/2 at all.
Ideally, the PS/2 driver should only be started if the system needs it.
That is currently not feasible and for the time being we post-pone the
inevitable and back down after several unsucessful attempts to read
from the AUX interface while initializing the driver.
Fixes#1871.
Interfaces that have been claimed by a component always have to be
released when the session is closed in case the component
malfunctioned.
Fixes#1869.
Inspired by the mailing-list posting [1], this commit removes the
MAC/PHY reset for all Intel cards and effectively prevents the bandwidth
drop to 10 MBit/s (e.g., on i217lm). I understand it as preliminary fix
for practical reasons - a real fix would be to update the ipxe port and
monitor for more postings like the one mentioned.
[1] http://lists.ipxe.org/pipermail/ipxe-devel/2015-December/004511.html
The 'usb_report_filter' component takes the devices report from the
USB driver and generates a new devices report after checking each
entry against its device white-list. Before emitting the new report
it changes the configuration of the USB driver to contain the
required policy entries.
See 'repos/os/src/app/usb_report_filter/README' for more details.
Issue #1863.
- Use 'label' attribute to identify device instead of
bus/dev and vendor_id/product_id
- Implement release_interface RPC
- Report 'label' as well as 'bus' and 'dev'
- Add policy handling to raw driver (includes reconfiguration
at runtime)
- Use own memory backing store for large DMA allocations
Issue #1863.
This prevents a sporadic null-pointer dereference in the nic_loopback
test, which occurred once in 100 runs. I'm not sure if there's still a
race window (we may investigate) with context dissolve.
Instead of polling for new Nic session signals, when waiting for
network packets with a timeout, block on the signal receiver, and
register a timer event beforehand using the same signal receiver.
Fix#1862
Ref #1864
Do not build core-muen_on library without the muen soecifier set.
Do not reference files of the muen contrib directory in the first
pass of make's rule analysis, when parding the muen specific kernel
makefile.
Fix#1859
The new implementation of the FPU and FPU context is taken out to
separate architecture-dependent header files. The generic Cpu_lazy_state
is deleted. There is no hint about the existence of something like an
FPU in the generic non-architexture-dependent code anymore. Instead the
architecture-dependent CPU context of a thread is extended by an FPU
context where supported.
Moreover, the current FPU implementations are enhanced so that threads
that get deleted now release the FPU when still obtaining it.
Fix#1855
Thanks to the log_terminal server, we no longer rely on a separate UART
for the noux output. We also skip the indirection of using a tar archive
but rather start the test-noux_form program as a mounted ROM module.
With commit e74b53d5dd the fork semantic in noux
changed slightly, and broke platforms like hw & sel4, where the UTCB is mapped
directly into the thread's context area. The change moved the re-initialization
to a point where the new noux process' thread stack-pointer was already switched
back to the context area. But to re-initialize the context area RPC calls must
be done, and the UTCB must be used therefore. On the other side the UTCB is
found implicitly by the stack-pointer, whereby a stack-pointer located in the
context-area refers to a UTCB that is expected to reside in the context-area
as well. But the UTCB gets overlayed inside the context area by the
context-area's re-initialization - we've come round in a circle.
This commit rolls back the move of the re-initialization routine. To preserve
the intention of the original commit, the context-area location is stored in
a static variable, so that the Native_config API is not needed anymore.
Fix#1851
This commit enables multi-processing for all Cortex A9 SoCs we currently
support. Moreover, it thereby enables the L2 cache for i.MX6 that was not
enabled until now. However, the QEMU variants hw_pbxa9 and hw_zynq still
only use 1 core, because the busy cpu synchronization used when initializing
multiple Cortex A9 cores leads to horrible boot times on QEMU.
During this work the CPU initialization in general was reworked. From now
on lots of hardware specifics were put into the 'spec' specific files, some
generic hook functions and abstractions thereby were eliminated. This
results to more lean implementations for instance on non-SMP platforms,
or in the x86 case where cache maintainance is a non-issue.
Due to the fact that memory/cache coherency and SMP are closely coupled
on ARM Cortex A9 this commit combines so different aspects.
Fix#1312Fix#1807
On ARM Cortex A9 platforms the external PL310 L2 cache controller
needs to be initialized dependent on the SoC. For instance on Pandaboard
it needs to call the firmware running in TrustZone's secure world,
on i.MX6 it initializes it directly, on other boards it doesn't need
to be initialized at all, because the bootloader already did so.
Therefore, we should implement the PL310 intialization in board specific
code and not in the base class implementation.
Ref #1312
This commit separates certain SMP aspects into 'spec/smp' subdirectories.
Thereby it simplifies non-SMP implementations again, where no locking
and several platform specific maintainance operations are not needed.
Moreover, it moves several platform specifics to appropriated places,
removes dead code from x86, and starts to turn global static pointers
into references that are handed over.
Now, the right PCI bus:device:function (BDF) is reported to the kernel
during assign_pci syscall - beforehand it was ever 0:0.0. The BDF is
needed to lookup the correct DMAR unit the kernel has to configure. This
was revealed as the DMAR unit for Intel graphics on x201 is not the same
as for all other PCI devices we have drivers for on this platform.
Fixes#1848
Instead of using the 'alloc()' method to allocate new packets use
the 'next()' method with the previous packet. This is needed because
the last audio stack changes broke the semantics assumed by 'alloc()'.
We now keep track of the already queued packets by hand.
Fixes#1827.
Use kernel branch which is more accurate in accounting memory, which avoids
kernel messages of following form:
[0] warning: insufficient resources ...
Fixes#1830
Because a check for the TEST_WRITE configuration was missing as condition for a
packet submit, the test caused unwanted write access to the device.
Ref #1824
Explicitly cast floats to long as we currently do not plan to support
float in Xml_generator and previously the value was implicitly casted to
long anyway.
Issue #1819
Executing the system call will change the input fds as a side-effect
because the select_in.fds and select_out.fds structure are part of a
union. Since the original select_in.fds content is needed afterwards
make a copy instead of using a reference.
Fixes#1809.
The main thread's UTCB, used during bootstrap of the main thread before
it allocates its context area, needs to be outside the virtual memory
area controlled by the RM session, because it is needed before the main
thread can access its RM session.
Fix#1804
This patch adds diagnostic messages during the label-policy application,
if no policy for the session label was found or if the domain configured
in the policy node does not exist.
When unblocking a thread in Semaphore::up() while holding the fifo meta-data
lock, it might happen that the lock holder gets destroyed by the one it was
unblocking. This happened for instance in the pthread test in the past, where
thread destruction was synchronized via a semaphore. There is no need to hold
the lock during the unblock operation, so we should do it outside the critical
section.
Fix#1333
Previously we used a pretty slow external clock source for the timer. This
resulted in such a low TICS_PER_MS value that the granularity wasn't
sufficient to find a setup with a precision better than 1 second error per
minute. Now we use the so-called High Frequency Reference Clock as input
with TICS_PER_MS=33333 and the timer precision is significantly < 1 second per
minute.
Fixes#1805
From our observations we can tell that the error should not exceed 4%.
However, there is no reasonable explanation by now why the test results
are less stable on these platforms. We have tried several things that
did not lead to an explanation or improvement:
* changing the timing parameters of the scheduler
* switching off SMP
* double-checking the speed of userland and kernel timers
Ref #1805
The test threads previously used a stack size independent from the machine
word width. Qemu was previously configured to provide 64Mb of RAM which isn't
sufficient for x86_64.
Ref #1805
Upgrading the quota of a PD session on HW always triggers a "Quota
exceeded" warning. To prevent unecessary debugging effort in the future,
we explain in an in-code comment that the warning is normal.
Ref #1805
Print result error and error tolerance per test result. Use TCL commands
'format' and 'abs'to simplify calculations in the conclusion part of the run
script.
Ref #1805
When capabilities are delegated to components, they are added to the UTCB of the
target thread. Before the thread is able to take out the capability id out of
the UTCB and adapt the user-level capability reference counter, it might happen
that another thread of the same component deletes the same capability because
its user-level reference counter reached zero. If the kernel then destroys the
capability, before the same capability id is taken out of all UTCBs, an
inconsitent view in the component is the result. To keep an consistent view in
the multi-threading scenario, the kernel now counts how often it puts a
capability into a UTCB. The threads on the other hand hint the kernel when they
took capabilities out of the UTCB, so the kernel can decrement the counter
again. Only when the counter is zero, capabilities can get destructed.
Fix#1623
On Linux the linker can now be loaded at arbitrary addresses, this became
necessary for newer kernel versions. The 'linux_arm' target is not supported.
Issue #1728
Former Native_config::context_area_virtual_base() was used to identify
the main, which is not desired as the Native_config is rather low-level
(almost private to the base libs). The commit uses a library constructor
to retrieve the main-thread Thread_base pointer, which can be used later
to distinguish main and other threads.
Likewise on the x86 branch, we have to remove all virtual memory ranges from the
virtual memory allocator that are used by one-by-one mappings of I/O regions
used by the kernel.
Fix#1797
If the injection of an event causes an EPT violation, the event must be
injected again. This commit implements the reinjection for the case that
the EPT violation can be resolved without involving the recompiler.
Fixes#1798
This reverts commit d8b95c263b.
Some clients might want to fiddle with the clients play position
(e.g. the mixer) within 'Audio_out::start()' and we might reset
it to an old value if we do it afterwards.
Fixes#1796.
Since all Audio_out server components loop over the packet stream
queue it is save to reset the tail position to one after the play
position. We have to do this because we do not know exactly when
the play position changes (i.e. the driver has processed the packet)
and we might end up with a tail position before the current play
position.
Issue #1796.
* Also change the way how mute is handled. Only send the
changed signal if the user has clicked on the mute checkbox
* Always check channels_rom is valid
* Add <default> handling
* Increase verbosity
Fixes#1795.
Instead of bailing out if the channel list is incorrect check config
node attributes and default settings first.
Being there also fix flawed LOG messages.
Fixes#1794.
* enable i915 driver from Linux 3.14.5
* tested for generation 5 till 8 GPUs
The driver can be configured at run-time via the config ROM. Every
connector of the graphic card can be configured separately using the
following syntax
<config>
<connector name="LVDS-11" width="1280" height="800" enabled="true"/>
</config>
Also, when enabled within the intel framebuffer driver configuration like
the following
<config buffered="yes"/>
a simple ram dataspace is propagated to the client and the driver
itselfs copies from that buffer to the framebuffer triggered via refresh
calls. This option is useful to alleviate tearing effects.
The driver distributes all available connectors of the graphic card and
their supported resolutions via a report. It looks like follows
<connectors>
<connector name="LVDS-11" connected="1">
<mode width="1280" height="800" hz="60"/>
...
</connector>
...
</connectors>
The driver distributes the report only if this is stated within its
configuration, like the following
<config>
<report connectors="yes"/>
</config>
Fix#1764
This patch unifies the mechanism of selecting server-side policies and
taking session-routing decisions based on session labels. In both cases,
XML nodes are scored against session labels. The score depends on the
XML attributes 'label' (exact match), 'label_prefix', and
'label_suffix'.
Issue #1766
* Provide paravirtualized block API for accessing the second partition
of the block device that is provided by the ESDHC driver.
* Provide paravirtualized serial API for sending log-output over Genodes
serial port.
* Use the latest Linux suggested in the USB Armory Wiki [1] when on USB Armory
while still using the older vendor Linux when on i.MX53 QSB. I.e.,
provide a device tree through RAM and a rootfs through the paravirtualized
block device when on USB Armory while providing ATAGs and Initrd when on
i.MX53 QSB.
* Switch on the LED on the USB Armory when the VMM catches a VM-exception
and switch it off again when as soon as the exception is handled. This
merely show-cases the ability to instrument the LED for such purposes. In an
ideal world, the LED is switched on as long as we're on the "Secure Side"
and switched off as long as we're not.
* For further information see repos/os/run/tz_vmm.run
[1] https://github.com/inversepath/usbarmory/wiki/Preparing-a-bootable-microSD-imageFixes#1497
On the USB Armory, we want to secure different devices than on other i.MX53
implementations. Thus, add a board specific configuration that is interpreted
by the kernel Trustzone initialization.
Ref #1497
Enhance the VM state, that can be accessed by a VMM, by a member
'unsigned irq_injection'. In Kernel::Vm::proceed check, whether
irq_injection is set. If so, check whether irq_injection is a
non-secure IRQ. If so, let the PIC raise this IRQ in the VM and reset
irq_injection.
Ref #1497
Move ADMA2 stuff to extra header and unit. Move ESDHCv2 implementations to
extra unit. Use exceptions instead of error codes. Clean-up documentation.
Ref #1497
The manual termination of multi-block writes via "Stop Transmission" commands
seems to leave the card in a busy state sometimes. This causes errors on
subsequent commands. Thus, we have to synchronize manually with the
card-internal state via "Send State" commands. Additionally, the method
for issuing the manual "Stop Transmission" commands was refined.
Ref #1497
We have to issue a data synchronization barrier after writing a ADMA2
table to ensure that the corresponding write commands were actually
executed before issuing the SD command.
Ref #1497
On i.MX53 QSB, a "Send Op Cond" command during the driver initialization
returns another response value than on the USB Armory. As the check for
this response seems to have no relevance for the driver functionality (Linux
reads the value from MMIO but I can't find a place in the source code where
it is used), we simply remove it.
Ref #1497
Previously, it was not necessary to acknowledge an IRQ initially before using
it. However, since the IRQ framework changed lately it is. Adapt to this.
Ref #1497
Notify client initially to enforce a client-side ROM update. Otherwise,
a server-side ROM update between session creation and signal-handler
registration would go unnoticed.
Issue #1788
This patch changes the decorator to always apply stacking-order changes
immediately instead of deferring the re-stacking of the nitpicker views
to the next call of 'update_nitpicker_views'. The deferred application
did not always work when more then one windows changed their stacking
position at once because the cached '_neighbor' values interfered with
each other.
The eager re-stacking should not have negative effects on the user
experience because, in contrast to re-positioning, re-stacking a rare
operation.
This change makes it possible to reuse the generic window decorator
classes in include/decorator/ for decorators of a different structure.
E.g., instead of painting decorations on a single nitpicker session,
each window may paint its decorations into additional window-specific
nitpicker sessions.
For each session upgrade performed by a wm client as part of the
Nitpicker::Connection::buffer function, the window manager wrongly
upgraded the wrapped nitpicker session twice: Once by handling the
Root::upgrade, and again by handling of the server-side 'buffer'
operation. Here, the 'buffer' operation was implemented by not merely
forwarding the RPC request to the wrapped nitpicker session but by
calling the 'buffer' method on the wrapped session's connection
object, which implictly issues session upgrades. Consequently,
the window manager would transfer twice the amount of the session
upgrades it received by its clients to nitpicker and eventually ran
out of memory.
The patch fixes the problem by eliminating the call of the
Nitpicker::Connection::buffer method and instead merely forward the RPC
requests to the wrapped nitpicker sessions.
The original version of the icon painter would reach beyong the
texture boundaries for textures of even width and height, and when
painting an icon with the width or height of the texture.
In this case, p3 would be set to the same value as p2. However, the code
expects p3 to lie within the middle rectangle. However, in this corner
case, the middle rectangle is actually empty. So no pixel can lie within
it. Hence, p3 is positioned by one pixel to the left outside the middle
rectangle, which violates the assumptions when calculating the clipping
and texture offsets. The patch fixes the problem by reducing the size of
the right column by one pixel. This ensures that exists always a
non-zero middle rectangle.