Commit Graph

9215 Commits

Author SHA1 Message Date
Norman Feske
48b2456845 util/token.h: fix possible out-of-bounds read
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.

Fixes #3756
2020-05-18 10:16:12 +02:00
Christian Helmuth
894c7411e7 Remove obsolete vmm_utils test 2020-05-18 10:16:12 +02:00
Sebastian Sumpf
ea78d85d35 ahci: SYNC with empty NCQ queue only
Fixes #3746
2020-05-18 10:16:12 +02:00
Norman Feske
04aeaa25e5 Remove dead code 2020-05-18 10:16:12 +02:00
Norman Feske
9d67f9fc8e Remove Allocator_guard
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.

The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.

The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.

Fixes #3750
2020-05-18 10:16:12 +02:00
Christian Prochaska
1cc7277996 qt5: don't build webkit-related libraries for arm_v8a
Fixes #3747
2020-05-05 13:53:09 +02:00
Norman Feske
a9f0e47ea3 Remove return value of Log_session::write
Fixes #3749
2020-05-05 13:51:05 +02:00
Norman Feske
bbc21cf063 util/bit_array.h: remove use of memset and memcpy
This makes the code less dependent on functions considered unsafe.

Fixes #3748
2020-05-05 13:30:15 +02:00
Christian Helmuth
f722aa3325 os: src recipe for lx_fs 2020-05-04 15:59:29 +02:00
Norman Feske
eb0a33302a libc: strip trailing '/' for directory operations
Fixes #2686
2020-05-04 15:28:47 +02:00
Christian Prochaska
151828752c vfs: handle read error in fs file system
Issue #3742
2020-04-28 11:43:12 +02:00
Christian Prochaska
6a8fb48c13 vfs server: keep ack packet intact on failure
Issue #3742
2020-04-28 11:42:52 +02:00
Christian Prochaska
07b87f6f1f pthread: initialize static condition variables
Fixes #3741
2020-04-28 11:42:16 +02:00
Christian Prochaska
905b0c4aef libc: remove log2.patch
Fixes #3740
2020-04-28 11:41:38 +02:00
Christian Prochaska
6505ce47ae libc vfs plugin: report non-zero link count in 'stat()'
Fixes #3739
2020-04-28 11:40:58 +02:00
Christian Prochaska
31d7b3eb97 vfs_lwip: guard 'blocked_handles' Fifo
Fixes #3738
2020-04-28 11:37:56 +02:00
Alexander Boettcher
80d89c20fd top: use batched subject_infos of trace session
Issue #3610
2020-04-28 08:58:03 +02:00
Alexander Boettcher
1a94338389 trace: support to request subject infos batched
Optimize requesting the Subject_infos from O(n) to O(1) RPC call.

Issue #3610
2020-04-28 08:57:57 +02:00
Norman Feske
dd899fde29 depot: update recipe hashes 2020-04-24 14:37:57 +02:00
Norman Feske
1bf796d69a Remove Rust support
Fixes #3488
2020-04-24 14:37:57 +02:00
Norman Feske
c12d76686e Move OpenVPN to genode-world repository
Fixes #3737
2020-04-24 14:37:57 +02:00
Stefan Kalkowski
199821a247 os: re-enable drivers_interactive for i.MX53
* Fix IPU hardware structure layout
* Turn Signal_handler into Io_signal_handler
* Eliminate the faulty msleep in I2C initalization sequence
* Fix routes and resources for tablet board (i.MX53 SMD)

Fix #3735
2020-04-24 14:37:57 +02:00
Norman Feske
840f383e46 Remove input_merger component
Fixes #3736
2020-04-24 14:37:57 +02:00
Norman Feske
1459085a4d mk: prevent duplicates in REPOSITORIES definition
Fixes #3731
2020-04-24 14:37:56 +02:00
Norman Feske
6f6340644b Hide binary_ready_hook_for_platform from public
The hook is meant to be internal to the framework. So better keep its
declaration in the framework-internal globals.h header.

Issue #3581
2020-04-24 14:37:47 +02:00
Norman Feske
b134867f31 Remove Rpc_entrypoint::Native_context
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.

Related to issue #3581
2020-04-21 16:50:37 +02:00
Norman Feske
01bf32b998 Remove ram_fs server
Fixes #3734
2020-04-21 16:27:07 +02:00
Norman Feske
f14cc2edab Replace use of ram_fs by VFS server
Issue #3734
2020-04-21 16:24:37 +02:00
Norman Feske
f0c4fc1e22 sandbox: defer requests for upcoming server
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.

- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
  does not exist (yet)

Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.

The patch is accompanied with test cases for exercising both situations.

Fixes #3733
2020-04-21 14:52:29 +02:00
Alexander Boettcher
f891f4c963 vm_stress: change output message for ci scripts
so that it detect it correctly as not available instead of a failure on
normal work days

Issue #3683
2020-04-20 12:36:00 +02:00
Stefan Kalkowski
9f28f4f803 hw: avoid BASE_DIR relative path definitions
Fix #3728
2020-04-17 12:55:13 +02:00
Stefan Kalkowski
0e49336b96 Retire Exynos 5 support (fix #3725) 2020-04-17 12:53:57 +02:00
Stefan Kalkowski
941e918b46 vmm: unify armv7/v8 virtualization
Fix #3638
2020-04-17 12:52:02 +02:00
Stefan Kalkowski
74e75d7fbc hw: enable virtualization support for virt_qemu
Ref #3638
2020-04-17 12:51:53 +02:00
Stefan Kalkowski
58db6542f8 hw: check for security extension support in GICv2
Ref #3638
2020-04-17 12:51:44 +02:00
Tomasz Gajewski
fca2a05adf trace: extend test for log_output
Issue #3714
2020-04-17 12:48:17 +02:00
Tomasz Gajewski
4639978b3a trace_logger: avoid output of empty lines
It avoids output of empty lines in output buffer if traced messages end
with \n (what is common with messages logged from dde_linux).

Issue #3714
2020-04-17 12:48:13 +02:00
Tomasz Gajewski
870d348d77 trace: redirect logs to trace based on policy
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.

Fixes #3714
2020-04-17 12:47:48 +02:00
Tomasz Gajewski
db8ec81e9f trace: log_output policy that redirects logs to trace
Issue #3714
2020-04-17 12:47:35 +02:00
Tomasz Gajewski
1d9a2dce94 trace: extend policy with log_output
Issue #3714
2020-04-17 12:47:19 +02:00
Roman Iten
12ea494477 vfs/File_content: fix end condition in for_each_line
Fixes #3729
2020-04-17 12:45:10 +02:00
Christian Helmuth
b60b591d06 depot: update recipe hashes 2020-04-17 12:40:13 +02:00
Christian Helmuth
9fbc68bda1 libports: icu library moved to GitHub 2020-04-17 12:40:13 +02:00
Norman Feske
132569d12b base-linux: socket descriptor caps for RPC
On Linux, Genode used to represent each RPC object by a socket
descriptor of the receiving thread (entrypoint) and a globally-unique
value that identifies the object. Because the latter was transferred as
plain message payload, clients had to be trusted to not forge the
values. For this reason, Linux could not be considered as a productive
Genode base platform but remained merely a development vehicle.

This patch changes the RPC mechanism such that each RPC object is
represented by a dedicated socket pair. Entrypoints wait on a set of
the local ends of the socket pairs of all RPC objects managed by the
respective entrypoint. The epoll kernel interface is used as the
underlying mechanism to wait for a set of socket descriptors at the
server side.

When delegating a capability, the remote end of the socket pair is
transferred to the recipient along with a plaintext copy of the
socket-descriptor value of the local end. The latter value serves as a
hint for re-identifiying a capability whenever it is delegated back to
its origin. Note that the client is not trusted to preserve this
information. The integrity of the hint value is protected by comparing
the inode values of incoming and already present capablities at the
originating site (whenever the capability is invoked or presented to the
owner of the RPC object).

The new mechanism effectively equips base-linux with Genode's capablity
model as described in the Chapter 3 of the Genode Foundations book.
That said, the sandboxing of components cannot be assumed at this point
because each component has still direct access to the Linux system-call
interface.

This patch is based on the extensive exploration work conducted by
Stefan Thoeni who strongly motivated the inclusion of this feature into
Genode.

Issue #3581
2020-04-17 12:40:13 +02:00
Alexander Boettcher
319d2be1af seoul: add vm_stress script version
Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
29911cf114 seoul: update contrib branch
- reactivate vga update, range was to small
- remove diagnostic messages
- add support to ignore machine check MSR MCG CAP

Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
8be72b0be1 vbox5: add testing VMs causing load
Issue #3683
2020-04-17 12:40:13 +02:00
Emery Hemingway
6359445a8e Add <exit propagate="…"/> to Init config schema
Fix #3724
2020-04-17 12:40:13 +02:00
Christian Helmuth
c783764d0b Region-map attach/detach stress depot_autopilot test
Issue #3715
2020-04-17 12:40:13 +02:00
Stefan Kalkowski
ff378a8c5b hw: cache maintainance on mapping removal too
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.

Fix #3715
2020-04-17 12:40:13 +02:00