If all connectors are set to disabled by configuration, the connectors
stayed enabled since the new configuration reveals no preferred or minimal
resolution/mode. Instead, use the last set resolution in order to get to the
disabling code.
The memory barriers where introduced with commit "test-timeout: fix build
errors with -std=gnu++20" presumably in order to prevent GCC optimization from
removing the empty for loops the test is using because using a volatile index
variable was no longer an option.
However, the memory barriers seem to have a negative effect on the measurements
performed with the affected loops. The commit caused the timeout test to fail
at least on imx53_qsb.
This commit fixes the issue by using a simple empty for loop without volatiles
or memory barriers but protected inside a function that is compiled with
optimization disabled.
Ref #4959
This commit extends the Lx_kit initialization function by passing in
a signal handler that is used to perform the normally occurring
scheduler execution and is a follow-up change for the decoupling
scheduler execution commit.
Instead of burying the signal handler in the 'Lx_kit::Scheduler'
object it is provided by the main object where the driver is free
to perform any additional step before or after executing the scheduler.
Issue #4927Fixes#4952
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.
Issue #4927.
The timer used to read the counter first and then the IRQ status. This
could cause a non-wrapped counter value to be considered a wrapped
counter value, leading to bogus timeout durations.
This commit fixes the bug and documents the used timer mode in the
driver in order to make future debugging of the driver easier.
Ref #4959
Prevent missing new RPC calls handed over to a Linux task
of a corresponding usb-device, while that task blocked
during enqueuing of asynchronous URBs.
Fixedgenodelabs/genode#4955
* add a sensible priority setup into the test script in order to protect
drivers and stack components from the demanding net clients
* delay the starting of the net clients by 5 seconds in order to give the
drivers and stack components some time to startup in peace
* use only explicit service routing and caps values
Ref #4923
This patch replaces the exception-based error propagation by the use of
'Attempt' return values, which eliminates side effects of the exception
handling - cxx_heap allocations - from code paths that are used by the
the cxx_heap itself (when growing the cxx_heap).
It thereby fixes the failure of the sub_rm test at the "attach RAM ds to
any position at sub rm - this should fail" step.
Fixes#4953
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.
Issue #4950
Nitpicker's hover and focus reports contain an 'active' attribute, which
can be inspected for the detection of user activity, e.g., as trigger
for a screensaver or for dynamic clipboard policies.
When using the 'Event' session, the reporting code updated the reports
only on incoming events. This patch adds the periodic reporting as used
when using the old 'Input' session.
Issue #4950
Decoupling the scheduler execution can lead to missed interrupts
because the current implementation only handles one pending
interrupt and requires immediate processing.
This commit introduces a helper object that is used to capture
any occuring interrupts that are then handled consecutively.
Issue #4927.
Prior to this commit, whenever an external event occurred, for example
timer or interrupt, the corresponding I/O signal handler was triggered.
This handler unblocked the task waiting for the event and initiated the
immediate execution of all unblocked tasks. Since these tasks may hit
serialization points, e.g. synchronously waiting for packet stream
operations, that require handling of other I/O signals this leads to
nested execution. This, however, is not supported and mixes application
and I/O level signal handling.
The flagging of the scheduling intent is now decoupled from its
execution by using an application level signal handler that is run in
the context of the components main entrypoint. The I/O signal handler
now triggers the scheduling execution by sending a local signal to
the EP.
Since it might be necessary to execute a pending schedule from the EP
directly the scheduler is extended with the 'execute' member function
that performs the check that the scheduler is called from within the
EP and triggers the execution afterwards.
Issue #4927.
On disconnect of displays, e.g. seen with Type-C connectors, the encoder was
not properly disabled due to a missing drm_client_modeset_commit. In order that
the commit succeed, however a fb must be assigned to the modeset. Missing to
do so leads to an -EINVAL by the drm_client_modeset_commit.
Fixes#4948
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.
As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.
Fixed#4932
The initial memory backend implementation was brought over from DDE
Linux and was geared towards use-cases where a high-performing
allocator is useful. In case of the audio driver this is overkill
and since no other driver that could benefit from such an
implementation was ported in the meantime rather use a simpler
implementation that keeps the overhead down.
Fixes#4946.
Since component.cc is no longer linked to core, we can also remove
entrypoint.cc, which was merely a dependency of component.cc.
Related to issue #4784
This patch replaces the global '_wait_for_exit_sem' object by a local
static variable, which does not rely on the global ctors. It thereby
fixes the fault_detection test after the removal of the global ctors
execution from core ("base: remove component.cc from core").
Issue #4784
With these options enabled comparative testing between pc_linux drivers
and bzImages becomes much easier on EFI-only machines. The impact on the
actual Genode drivers is minimal.
This patch removes the use of the Entrypoint::schedule_suspend mechanism
and the call of glibc's exit from the lx_hybrid tests, for two reasons.
First, the interplay of atexit handlers executed by the glibc and
Genode's lx_hybrid library is complicated while bringing no benefits in
practice as lx_hybrid applications are usually servers that don't exit
anyway.
Second, the Entrypoint::schedule_suspend mechanism in not used by any
other component. By removing its use from the lx_hybrid tests, we can
remove this mechanism from the base library.
Issue #4940
By supplying only the parts of the Env that are actually relevant for
initializing the cxx heap, we avoid the need for the 'Env' interface.
The patch also moves the call of 'init_ldso_phdr' to the outside
of the cxx library because it does not belong there.
Issue #4784
USB devices that are never associated to client sessions lack
usb_per_dev_data (and a kernel thread). Therefore, the devices should be
discontinued directly on unplug as no URBs can be pending.
Issue genodelabs/genode#4795
This commits enables the R8169 driver and was tested with two
RTL8168h/8111h (10ec:8168 rev 0x15 sub 1462:7a38 / 1d05:109f) and
two equal RTL8125B (10ec:8125 rev 0x5 sub 1458:e000) devices
running Sculpt.
Firmware loading is for now not implemented but specific Linux
commits suggest it could be necessary. However, doing so will be
post-poned until we have gathered more experience with the driver.
Restarting the driver might lead to the following IOMMU error
messages but the device seems to work anyway:
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2000004200002500 FI:0x000c21b0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x000c21a0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x00138000 type:0x2 BDF:25:00.0
[…]
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004300002500 FI:0x00124000 type:0x2 BDF:25:00.0
Issue #4921.
While this approach still scans "holes" in the bus range, it stops
scanning at the maximum subordinate bus number reachable from the base
PCI bus at the host bridge. Startup under Qemu no longer takes about 12
seconds for scanning 256 buses.
By splitting the 'init_capability_slab()' implementation to a separate
compilation unit 'capability_slab.cc', base-hw no longer needs a
customized version of 'lib/base/platform.cc'.
Related to issue #4784
This patch replaces the internal use 'env_deprecated()' from the
implementation of the thread API in the base library. It also
replaces the global accessor 'main_thread_cap' by the explicit
propagation of the main-thread's capability to the single point of
use via a new 'init_thread_bootstap' function.
Issue #4784
This back end can be used in place of the existing jitterentropy based
on in case random is not strictly needed by the component but one
wants to use the available 'shadow/drivers/char/random.c'
implementation.
Issue genodelabs/genode-allwinner#21.
The implementation was already part of the Zynq's sd_card driver and
since other ARM drivers need it as well, promote it to the common
shadow library.
Issue genodelabs/genode-allwinner#21.
* Removes all previous structs that represented an on-disc block layout
and were therfore subject to a number of layout restrictions (packed,
padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.
Ref #4819
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
for the return value wherever a bitfield is read and returned to the user.
Ref #4924
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.
Fixes#4919
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.
Issue genodelabs#4866
On some platforms (x86_32/pistachio, x86_64/sel4) system startup is slow
and the previously configured 30 seconds not sufficient. With this commit, the
timeout is raised to 60 seconds only when running on such a platform.
Ref #4923
This test was originally a copy of ping.run and therefore unnecessarily
inherited all its complexity for testing ping component behavior. Additionally,
ping.run was more actively maintained and evolved over time whereas
nic_dump.run didn't receive the same care. Now, the test fails on certain
platforms although NIC dump works just fine. Therefore, this commit reduces the
test behavior to what is really necessary for testing nic_dump and by doing so,
also fixes the failing targets.
Fixes#4926
On x86_32 okl4, the test timed out although the test timeout was already at
240 seconds for this platform. Instaed of raising it further, this commit
reduces the number of ping rounds for all platforms that are considered as
slower by the test.
Ref #4923
This patch restricts 'Region_map::attach_executable' to create read-only
mappings, while offering the option to map the full rights using a new
'attach_rwx' method.
The 'attach_rwx' method is now used by the dynamic linker to explicitly
attach the linker area with full rwx rights. With the old page-fault
handling code, the execute flag was evaluated only for leaf dataspaces,
not for managed dataspaces while traversing region-map hierarchies.
With the new page-fault handling code, the execute bit is downgraded
to no-execute when passing a managed dataspace that is not attached
as executable.
Issue #4920
The change "core: allow offset-attached managed dataspaces" addressed a
corner case of the use of nested region maps. Apparently, this change
negatively affects other scenarios (tool_chain_auto).
In order to confidently cover all the differnt situations, this patch
reworks the page-fault resolution code for improved clarity and safety,
by introducing dedicated result types, reducing the use of basic types,
choosing expressive names, and fostering constness.
It also introduces a number of 'print' hooks that greatly ease manual
instrumentation and streamlines the error messages printed by core.
Those messages no longer appear when a user-level page-fault handler
is reistered for the faulted-at region map. So the monitor component
produces less noise on the attempt to dump non-existing memory.
Issue #4917Fixes#4920
The new monitor component at os/src/monitor is the designated successor
of the gdb_monitor. This initial version, however, implements only the
subset needed to inspect the memory of the monitored component(s).
In contrast to the gdb_monitor, the new component supports the monitoring
of multiple components, leveraging the sandbox API. It can therefore be
used as a drop-in replacement for the init component. Like the gdb_monitor,
the new monitor speaks the GDB protocol over Genode's terminal session.
But the protocol implementation does not re-use any gdbserver code,
sidestepping the complexities of POSIX.
There exist two run scripts illustrating the new component. The
os/run/monitor.run script exercises memory inspection via the 'm' command
by letting a test program monitor itself. The os/run/monitor_gdb.run
script allows for the interactive use of GDB to interact with monitored
components.
Issue #4917
Let the sandbox library disregard all unknown config sub nodes so that
supplemental information - like the monitor policy configuration - is
not interpreted as a misconfiguration ("unknown config element type ...").
Issue #4917
This patch moves the destruction of the child's PD session after the
closing of all other sessions because the PD session's role as resource
container might still be needed for orderly reverting the session quotas
when closing the other remaining sessions.
Issue #4917
By default, the sandbox uses the Env::pd() as reference PD session of
the sandbox children.
However, to accomodate use cases where the interplay of the reference
PD session and the child's address space needs to be intercepted, this
patch adds a constructor that takes an interface for the controlled
access of PD intrinsics as argument.
Issue #4917
This patch replaces the former 'address_space' accessor by a new
'with_address_space' interface that grants access to the region map of
the child's address space, but limits the interface lifetime to the
scope of the caller.
Issue #4917
This patch adds the missing application of the region offset to the
resolution of page faults inside managed dataspaces, which resulted in
an unexpected "invalid mapping" message after attaching a managed
dataspace with an offset.
This limitation could be observed during the implementation of the debug
monitor that locally maps a portion of the debugging target's address
space, e.g., a view port of 16 MiB. All traditional uses of managed
dataspaces (e.g., stack area, linker area) happened to attach the
managed dataspaces from their beginning.
Issue #4917
* add semaphore command to ring in order to be able to stop ring
execution before reset (Wa KabyLake)
* implement reset sequence as done by the Linux driver
* reset ring and cancel job of vgpu causing hang
* lower watchdog timeout 1000ms -> 200ms
* improve scheduling of vgpus so progress after reset is made
* improve the generation chaos a little
* tested on Skylake, Kaby Lake, Tiger Lake
issue #4916
* Use jitterentropy only if supported.
On certain targets like pbxa9 or zynq_qemu, the performance counter always
yields 0, which renders jitterentropy unusable. On these platforms, the
Tresor tests now use a static value as entropy source instead.
* Adds a new package test-file_vault_config_report_no_entropy that is used by
the Depot Autopilot on targets without jitterentropy support instead of
test-file_vault_config_report. The only difference between the two packages
is the value of the above described new config attribute of the File Vault.
* Circumvent alignment fault.
The Tresor lib for now has the deficiency of using on-disc data structures
directly in code instead of decoding them first to unpacked, naturally
aligned structures. This causes problems with memory-access alignment on
several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
this properly is a bit of work, the commit disables the tresor_tester and
file_vault_config_report test on the affected platforms in autopilot mode for
now.
* Further adjustments
* Make benchmarks optional
* Use a smaller tresor for rekeying
* Clean up image parameters
* No use implicit routes/resources
* Reduce ram consumption
* Reduce test timeout
* Raise cap quota, required for sel4 x86_64.
Ref #4819
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.
Ref #4819
* relaxes the timing and reduces the test steps because pistachio is quite
slow and would otherwise trigger problems with our easy approach of using a
dynamic rom instead of a proper manager
* provide IO_PORT and IRQ session to timer driver
Ref #4819
With the update to sel4 and the gcc 12, assembly instructions are generated
and used, like POPCNT. The instruction is available on our native hardware,
but not emulated by the default cpu model necessarily, which leads to
undefined opcode exceptions (Qemu 4.2.1 && seL4). Additionally, the features
of the default Qemu cpu model may vary between Qemu releases and makes it
harder to correlate effects.
The attachment removal is triggered actually on _ds member destruction time,
but after the io_mem representation for the specific base-<platform> possibly
vanished already during _unmap_local in the ~Io_mem_dataspace. This creates
on base-sel4 several kernel warnings about invalid capabilities.
Issue #4913
Using $(shell find $(REP_DIR)/patches -name *.patch) fails if the
current working directory contains *.patch files due to shell wildcard
expansion before execution. Additionally, the patch list was unstable
because it was not sorted resulting in divergent hashes.
On platforms different than x86 the subsys initcall `pci_subsys_init`
is not available. Therefore, we choose an alternative one here.
Fixgenodelabs/genode#4907
In our binaries, the .note.GNU-stack section is missing, which is okay
as we do not interpret these sections anyway and map stack pages
non-executable per default.
Issue #4827
The main user of libsparkcrypto in the past was the CBE block encryption
ecosystem. However, the CBE was replaced with the Tresor block encryption that
uses libcrypto instead.
Ref #4819
This commit introduces preliminary support for joining networks secured
via WPA3-personal. So far it was only tested with the one OpenWRT AP
configured for WPA3 (see excerpt below) where it WPA3-only as well as
WPA2/WPA3 mixed worked fine.
Scan results excerpt:
00:11:22:33:44:55 5180 -45 [WPA2-SAE-CCMP][SAE-H2E][ESS][UTF-8] PewPew
00:11:22:33:44:55 2412 -67 [WPA2-PSK+SAE+PSK-SHA256-CCMP][SAE-H2E][ESS][UTF-8] PewPew2
Issue #4861.
It turns out solely relying on the name of the compilation-unit
is not enough. In at least one multi-device driver, e.g. rtlwifi,
an equally called compilation-unit is found in several different
directories. There KBUILD_MODNAME is used to name the driver,
which fails later on as the driver framework refuses to register
an equally named driver twice.
Instead of only considering the name of the compilation-unit also
include the last element of the path to generate differentiating
KBUILD_MODNAME value.
Issue #4861.
The supplicant is updated to the current release and is now downloaded
as archive rather than pulled from git. For the time being 'libnl' is
still kept at 3.2.25 as the current 3.7.0 release relies on more Linux
infrastructure that our integration does not provide.
Issue #4861.
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.
Issue #4861.
This function is called when decrypting RX frames on the CPU on 32 bit
platforms. Since the frames are normally decrypted by the wireless LAN
device and this code path is triggered rather infrequently the byte-wise
implementation should not pose a performance risk.
So far it was only encounter with a 7260 device when running netperf.
Issue #4861.
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.
The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.
The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.
Issue #4861.
* ARM support and detaching from Ada/SPARK
* Remove all CBE-related code - especially the Ada/SPARK-based CBE library.
* We have no means or motivation of further maintaining big projects in
Ada/SPARK (the core Genode team is native to C++).
* The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
important architecture for Genode. This would mean extra commitment in
Ada/SPARK.
* We realize that block encryption more and more becomes a fundamental
feature of Genode systems.
* Implement a new block encryption library named Tresor that is inspired by
the design and feature set of the former CBE library and that is entirely
C++ and part of the Genode gems repository.
* The Tresor block encryption is backwards-compatible with the on-disk
data layout of the former CBE block encryption.
* Except from the snapshot management and the "dump" tool, the Tresor
block encryption provides the same feature set as the former CBE block
encryption and accepts the same user requests at the level of the
Tresor library API.
* So far, the Tresor block encryption does not support the creation of
user-defined snapshots.
* In contrast to the former CBE, the Tresor ecosystem has
no "dump" tool beause with the CBE library it turned out to be rarely of
use.
* In contrast to the Block back-end of the CBE "init" tool, the Tresor
"init" tool uses a File System back-end.
* The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.
* The Tresor-VFS plugin in general is similar to the former CBE VFS but
has a slightly different API when it comes to re-keying and re-sizing.
Each of these operations now is controlled via two files. The first
file is named <operation> and the user writes the start command to it.
The user must then read this file once in order to drive the operation.
The read returns the result of the operation, once it is finished.
The second file is named <operation>_progress and can be watched and
read for obtaining the progress of the operation as percentage.
* The file vault is adapted to use the new Tresor ecosystem
instead of the former CBE ecosystem and thereby also gains ARM support.
* The former CBE tester and CBE VFS-tests are replaced by equivalent
Tresor variants and are now run on ARM as well (testing with a persistent
storage back-end is supported only when running on Linux).
* So far, the new Tresor block encryption has no internal cache for meta
data blocks like the former CBE.
* Add config/report user interface
* Add a second option for the administration front end to the file vault
named "config and report". With this front end the File Vault communicates
with the user via XML strings. A ROM session is requested for user input
and a Report session for user output. The front end type must be set at
startup via the component config and is a static setting. The graphical
front end that was used up to now is named "menu view" and remains the
default.
* The File Vault can now reflect its internal state and user input ("config
and report" mode only) at the LOG session via two new static config
attributes "verbose_state" and "verbose_ui_config" (both defaulting to
"no").
* The Shutdown button in "menu view" mode is replaced with a Lock button. The
new button doesn't terminate the File Vault but merely lock the encrypted
container and return to a cleared passphrase input. The same transition is
also provided in "config and report" mode.
* The file_vault.run script is replaced with file_vault_menu_view.run and
file_vault_cfg_report.run that address the two front end modes. In contrast
to the former script, which is interactive, the latter script is suitable
for automatic testing.
* There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
the same as file_vault_cfg_report.run but uses the File Vault package and
can be executed with the Depot Autopilot. The new test package is added to
the default test list of depot_autopilot.run
* The File Vault README is updated to the new version of the component and
has gained a chapter "functional description".
* Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault.
* The new Tresor software Trust Anchor has an optional deterministic mode in
which it replaces the normally randomized symmetric keys with 0. This mode
comes in handy for debugging. However, it should never be activated in
productive systems. When activated, the user is warned extensively on the
LOG that this system mode is insecure.
Ref #4819
Changes to the platform driver triggered a map() error while mapping an
address block at 0x3000 of size 0x800. Since the mapped size was larger, the
loop continued and tried mapping address 0x4000 where no dataspace was
found.
genodelabs/genode#4761
By transforming the Device_pd into an Io_mmu::Domain, we implement an
IOMMU device that uses the kernel API for controlling the IOMMU. This
device gets special treatment and is used by default for every device
that has no <io_mmu/> child.
genodelabs/genode#4761
Every session component manages a registry of Io_mmu::Domain objects
that it creates on demand depending on the acquired devices (i.e. the
IOMMU devices referenced by the acquired devices). Via the domain
objects, a session component adds/removes the address ranges of the
allocated DMA buffers. Additionally, domain objects provide an interface
for enabling/disabling pci devices.
Domain objects get destroyed with the corresponding control device.
Moreover, on devices/policy ROM updates, domain objects of control
devices that are not referenced by any acquired device anymore get destroyed.
genodelabs/genode#4761
This allows referencing an arbitrary number of IOMMU devices within a
<devices> node, e.g.:
<device>
<io_mmu name="foobar"/>
</device>
The specified name is supposed to refer to an existing device in the
devices ROM. The platform driver automatically acquires known IOMMU
devices whenever they become available so that the device object can be
looked up from the platform-driver-owned devices.
genodelabs/genode#4761
With this change, platform-specific code is able to define factories that
acquire IOMMU devices to be used by the platform driver.
genodelabs/genode#4761
The method did not handle device changes properly. When a new policy
does not contain an owned device any more, we must consider this device
as changed and release it. Moreover, the warning messages were interchanged.
genodelabs/genode#4761
"-cpu phenom" does not support all CPU instructions necessary with
gcc 12 toolchain update issuing more SSSE3, e.g. pshufb.
Additionally, remove good/bad Qemu version check of outdated versions.
Issue genodelabs/genode-world#329
In 'SUPR3InitEx' (SUPLib.cpp) a 'SUPQUERYFUNCS' structure is allocated
with
! (PSUPQUERYFUNCS)RTMemAllocZ(SUP_IOCTL_QUERY_FUNCS_SIZE(CookieReq.u.Out.cFunctions));
where 'CookieReq.u.Out.cFunctions' is 0. To determine the size of the
allocation
! #define SUP_IOCTL_QUERY_FUNCS_SIZE(cFuncs) \
! RT_UOFFSETOF_DYN(SUPQUERYFUNCS, u.Out.aFunctions[(cFuncs)])
is used with cFuncs = 0 (SUPDrvIOC.h) leading to an allocation up to the
arrow below
! typedef struct SUPQUERYFUNCS
! {
! /** The header. */
! SUPREQHDR Hdr;
! union
! {
! struct
! {
! /** Number of functions returned. */
! uint32_t cFunctions;
! /** Array of functions. */
==> end of allocation
! SUPFUNC aFunctions[1];
! } Out;
! } u;
==> sizeof(SUPQUERYFUNCS)
! } SUPQUERYFUNCS, *PSUPQUERYFUNCS;
In sup.cc (Genode) 'ioctl(SUPQUERYFUNCS &request)' will lead to
'with_out_ioctl'
! auto &out = request.u.Out;
where auto is 'SUPQUERYFUNCS' and finally
! out = { };
will zero out 'SUPQUERYFUNCS' up to the second arrow above. Because
'RTMemAllocZ' will call 'calloc' to allocate the memory 'out = { };'
will corrupt the slab block after the allocation. Therefore, it is
reasonable to allocate at least 'sizeof(SUPQUERYFUNCS)'.
Note there might be other 'ioctl' cases like this. A better way might be
to use 'SUPQUERYFUNCS.Hdr.cbOut' to determine the 'out' size.
fixes#4675
In case the meta data (or more) got zeroed upon 'free', print error
message. The offset in the meta data can never be zero. This does not
help on other memory corruptions, but at least gives a hint in the too
much zeroed out case.
issue #4675
GPU device access is hard to achieve in run scripts and even harder to
implement generic.
Use the "Modularize Sculpt OS image creation"
(commit b723b11b30)
approach instead.
issue #4900
The XHCI model reserves 0x4000 of IO memory but uses only 0x530.
Implement read (0) and write (nop) for these regions as real hardware
does.
fixes#4902
Triggered by the toolchain update to GCC 12 certain pragmas lead to
a build error as those are now unknown. As quick-fix add '-gnatwG',
which suppresses warnings on unrecognized pragmas.
Issue #4880.
When a GPU session is destroyed, remove vgpu of session from scheduling
and as possible active vgpu. Otherwise, page faults might occur in case
already destroyed vgpu object is referenced during interrupt handling.
fixes#4881
Apparently we need to save the floating point arguments when entering
the linker in case "-fno-tree-vectorize" is at work. Otherwise this
registers get corrupted during jump slot relocation.
Fixes#4879
Either enable strict-alignment or disable FPU code generation by gcc
regarding bootstrap code, which cannot handle alignment faults during
initialization properly.
Ref genodelabs/genode#4827
/data/genode/repos/os/src/server/lx_fs/directory.h: In member function ‘virtual Genode::size_t Lx_fs::Directory::read(char*, Genode::size_t, File_system::seek_off_t)’:
/data/genode/repos/os/src/server/lx_fs/directory.h:224:53: error: ‘dent’ may be used uninitialized [-Werror=maybe-uninitialized]
224 | .type = type(dent->d_type),
| ~~~~~~^~~~~~
/data/genode/repos/os/src/server/lx_fs/directory.h:197:40: note: ‘dent’ was declared here
197 | struct dirent *dent;
| ^~~~
Issue genodelabs/genode#4827
Eliminate the creation of 'Genode::String's before the linker has been
self relocated, because 'Genode::String's will call 'Genode::strlen' on
construction from C-Strings, which has now become a GOT relative call,
while the GOT contains only zeros before relocation -> page fault at
IP 0.
fixes#4867
related to #4827
error: 'void operator delete(void*, Genode::Deallocator&)' called on pointer returned from a mismatched allocation function [-Werror=mismatched-new-delete]
Issue #4827Fixes#4850
error: ‘void operator delete(void*, Genode::Deallocator&)’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-new-delete]
Issue #4827Fixes#4848
An early version of nitpicker used a pointer as 'owner' with the null
pointer representing nitpicker's built-in views, which are nowadays
represented by 'Main::_global_view_ower'. The null-pointer check is a
left-over from the earlier days.
Fixes#4847
Since repos/base/board/pc/devices is empty, the run script no longer
works on PC. Nobody noticed because the use case of this run script -
as development test loop for the ps2 and fb_sdl - are better served by
other scenarios nowadays, e.g., using declaring 'build: ps2' for a
custom Sculpt OS build.
Removed in the context of issue #4860.
Bit 0:3 indicate which of the (up to) 16 supported LBA formats is
used for this namespace. Instead of only looking at those bits the
driver looked at the complete 0:7 bits. Those, however, also include
information on how metadata may be transferred. That leads to using
the wrong index for reading the LBA format.
Fixes#4832.
This patch solves keyboard-focus issues with the wifi dialog that were
caused by making the focus update conditional. However, since the update
is not expensive, we can unconditionally re-evaluate the focus atfer
each user interaction.
Issue #4820Fixes#4856
This patch solves the false-negative error message "failed to open file"
referring to an ioctl info file during an ioctl call. The message is
now avoided by checking for the existence of the file before reading it.
However, the observed symptom uncovered an actual bug that was
introduced in commit "libc vfs: open OSS 'info' file only once" with
the attempt to cache the content of ioctl info files. When called
multiple time for different paths, 'Vfs_plugin::_with_info' would
wrongly return the info from the first call as cached in a local
static variable.
The patch fixes the problem by a new added 'Cached_ioctl_info'
implementation in the scope of the 'Vfs_plugin'.
Issue #4372Fixes#4852
This patch includes the system dialog in the global keyboard focus
handling, supports hovering of the "Edit" and "Add" buttons,
allows the use of the enter key to finish URL editing, and
triggers a re-scan of depot users after adding a new one.
Issue #4820
Should the selected depot user not be present in the depot - for example
after switching the sculpt partition to another - unfold the selection
of all present depot users so that the one can pick an existing one.
Issue #4820
If the DMA memory allocation alignment is unfortunate (not natural size
aligned), the IOMMU (AMD/INTEL) may not use larger(super) pages with effects
on the page table walk frequency and TLB caching.
Issue #4820
We repeatedly experience issues with XHCI handoff in the USB host driver
at runtime on modern systems. Mostly, these issues manifest as
initialization delays with very high CPU load. Investigations show that
during this time the handoff MMIO write does not return, which hints the
firmware driver enters some spinning loop. I suspect the enabled IOMMU
does not play well with the firmware due to insufficient RMRR
information.
Therefore, we disable USB handoff in Sculpt via the driver manager (as
we do for dedicated devices already in other contexts). Note, UHCI and
EHCI handoff is still done in the platform driver and succeeds on all
our test hardware.
Issue #4820
This split allows us to cross-compile all arm_v8a packages needed for
'goa build' by creating pkg/arm_v8a/goa.
The components featured on pkg/goa-linux are solely needed for 'goa
run'. As they contain a number of lx/hybrid components, pkg/goa-linux
must be complied on Linux running on the target architecture.
Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault. The regression was
caused by new semantics in the vfs that did not allow for using the file
operation result as indicator for whether the unlock attempt failed or
succeeded. The correct and hereby applied approach is to check for the data
read from the file after having written the unlock command. The data reads
either "ok" or "failed".
Before scheduling we check if the execlist is empty. When many clients
are present, the bits might not be cleared by hardware yet. Before the
watchdog timer would trigger, because we scheduled nothing. Now we try
serval times, even if this fails, we still schedule because in the worst
case only a preemption would happen.
issue #4820
Commit "vbox: avoid uncaught nic Empty_ack_queue exception" introduced a
performance regression due to packet retransmission because of faulty
GSO segment handling. As fixing the GSO handling is fairly complex, we
disable GSO until a fix was developed.
Issue #4820
Issue #4821
This patch mitigates potential busy feedback effects when evaluating the
reports produced by 'depot_deploy' in a closed control loop. Reports
are now generated only if the deployment state has changed.
Issue #4818
This patch marks a child as incomplete if one of the ROM modules listed
in its blueprint is missing. This, in turn, triggers the update system
in Sculpt, which then tries to download the missing pieces.
Issue #4818
By managing downloads issued by the deploy subsystem via the
'Download_queue', failed downloads (e.g., due to HTTP error 404) are
properly tracked and don't cause infinite re-attempts.
Issue #4818
This patch promotes the event of an exiting child to become immediately
reported, reducing delays for management components that watch the exit
status of children.
Fixes#4814
This patch replaces the former 'nic_drv' and 'nic_drv_dtb' functions
by a more general 'nic_driver_routes' function that can return one or
multiple platform-specific ROM routes for NIC-driver binaries and dtb
files. This allows for supplying customizations for the wifi driver
as well. E.g., on the PinePhone, this hook can be used to handle the
renaming of the 'wifi_drv' to 'a64_wifi_drv'.
Related to issue #4813 and issue genodelabs/genode-allwinner#17.
The wifi VFS plugin is solely there to provide a hook for calling
'Lx_kit::initialize()' prior to the static ctors. As the corresponding
symbol can be resolved at run-time there is no need to add the
library as a build-time dependency.
Issue #4813
The device-tree binary is normally required on ARM-based platforms
where as on x86 it is omitted. The platform-specific DTB helper
provides a generic interface for accssing the DTB and needs to be
implemented on each platform.
Issue #4813
The SDIO connected wireless device on the PinePhone is not available
on start-up, which leads to the supplicant failing to initalize
'wlan0'. Normally the supplicant would be used in a way that handling
devices that appear at run-time happens gracefully.
Rather than supporting this behavior we defer the start-up of the
supplicant until the device could be openend successfully for now.
Issue #4813
The MAC address device report should be published once the device is
available. Since this may happen at a later time we have to check the
call.
Issue #4813
This commit introduces support for building the WLAN driver for ARM
platforms. It makes the WPA supplicant and its support libraries
available for all platforms. It also seperates the PCI parts to
accommodate platforms where other bus protocols are used.
Issue #4813
The driver was only tested with an "Atheros AR9462 Rev:2" [168c:0034]
device using the 'wifi.run' run script.
Note: for it to work MSI may not be used as otherwise interrupts do not
work. Using an IOMMU leads to the following fault:
[ 0] IOMMU:0xffffffff817eb0b0 FRR:0 FR:0x22 BDF:4:0:0 FI:0xb0000000000000 (0)
Issue #4813
The way the 'struct page' management is currently implemented it is
not safe to rely on it in case allocations share the same page. This
is in particular true where the virtual address is obtained by
querying the page object for maintaining the CPU caches.
Issue #4813
Optionally log scheduling-context execution time in addition to the
thread-context. This may be relevant on kernel platforms that do not
schedule threads on their own CPU share only but implement some kind of
donation scheme, for example, NOVA.
Usage
<config sc_time="yes" ...> ... </config>
Fixes#4805
This commit updates the used firmware images for the iwlwifi device
to latest available ones (supported by the current 6.1.x driver).
It also removes old firmware images that by now are not used anymore.
Fixes#4807.
Unfortunately, the change of "depot: remove empty config from
pkg/nano3d" broke the manual deployment of the nano3d demo because no
<config> is provided in this case.
This patch splits pkg/nano3d into two variants. The regular nano3d pkg
comes with an empty <config/> node as before. The unconfigured_nano3d
pkg does not feature any <config/> node and can thereby be configured
via a ROM route to a dynamic-rom service.
This patch equips the depot_download subsystem with the option to
explicitly skip the signature verification for downloads by specifying
the attribute 'verify="no"' for an <installation> item. This is useful
in scenarios where the lack of integrity of downloaded content does not
pose a risk, e.g., for untrusted applications that are rigidly
sandboxed, or during development.
Note that this option does not entirely discarge the signature checking.
Whenever an download has dependencies that are verifyable - for
which the public key exists in the depot - the dependencies are still
verified. This allows untrusted content to depend of verifyable content
while protecting the integrity the verifyable content.
Issue #4804
This patch adds the 'Verify' argument to all download-related interfaces
in order to control the checking of signatures for downloads. Note that
it does not change the sculpt_manager's existing built-in policy of
always checking signatures.
Issue #4804
This patch moves the interfaces needed for the interactive addition of runtime
components from the 'Popup_dialog' to the 'model/component.h'. So those
interfaces are no longer tied to one specific view implementation.
This free-standing function is meant to gradually replace
'Dialog::match_sub_dialog' interface, which relies on the caching of
the hover state. The new function is more flexible because dialogs do no
longer need to inherit 'Dialog'.
The missing else statements resulted in the addition of a
superfluous <archive> node when installing an <index>, causing
warning messages by the depot-download subsytem.
This patch adds the ability to specify an optional 'as' attribute in a
<rom> module declarion of a runtime file.
<runtime ...>
...
<content>
<rom label="camera-pinephone.dtb" as="dtb"/>
...
</content>
</runtime>
If specified, The depot-deploy tool uses the provided attribute value to
hand out the ROM 'camera-pinephone.dtb' under the label 'dtb' to the
subsystem.
Recent devices are configured with 4096 RX pages that lead to an
increased memory usage. For the moment lower the amount to 2048
and treat in potientially lower throughput for more conservative
memory consumption.
Fixes#4801.
For Windows guests, it's crucial to configure the paravirtualization
provider in .vbox6 like follows. Otherwise, the TSC calibration fails
(issue #4726) and the CPU frequency (in task manager) is bogus.
<Paravirt provider="HyperV"/>
Fixes#4726
The get_cycles() call within the test doesn't apply to RDTSC
access when running on ARM but to arch_timer_read_counter, which
is an empty function pointer. By setting it to a function that
returns Genode::Trace::timestamp() we can enable the test for ARM.
Issue #4775
- move metadata specific to isochronous transfers from the descriptor
into the content of USB-session packets
- restore support for 32 in-flight packets in the USB C API
Fixes#4749
Now, block_devices are reported earliest right after the devices ROM was
parsed and neither AHCI nor NVMe were found. If one or both devices were
found, the report is deferred after all expected reports arrived.
Issue #4791
Previously the 'partitions' report was implicitly generated after
parsing the partition-table by accessing the referenced reporter
object.
Now the report is explicitly created by calling the 'generate_report'
member function. At this point we no longer have access to all
required information so the 'Partition' class was extended to
accommodate for the data needed by MBR as well as GPT reports.
Fixes#4786.
The 'File_content' utility throws an exception whenever a file happens
to get truncated during the reading process. But it silently truncates
the data against the specified limit. In practice, exceeding the limit
is usually an error case. This patch enhances the 'File_content' utility
by throwing 'Truncated_during_read' in the limit-exceeded case as well,
in order to ease the diagnosis of such cases.
Issue #4788
'cap()' will return invalid capability within session destructor, therefore Vram
objects that belong to the session will not be destroyed, leading to danling
references later on. Use '_owner.cap' of session instead.
The new 'init_platform' function performs the platform-specific
component-local low-level initialization. It allows for the
differentiation between core and regular components as well as
kernel-dependent peculiarities.
This patch introduces a consistent notion of a 'Platform'. Within core,
the 'Platform' contains the kernel-specific initialization. Outside
core, the platform sets up the interplay with the parent component. In
all cases, the platform is constructed while running on the initial
stack.
Issue #4784
VirtIO device models can assert interrupts to notify about
buffer and configuration changes. By now, we could only assert
buffer notification interrupts, but no configuration changes.
The latter is needed, e.g. to notify about GPU mode changes.
Ref genodelabs/genode#4783
Depending on the number of partitions the current fixed size of 4096
bytes might not be sufficient for the resulting partitions report.
The use of the expanding reporter allows for accomodating large reports
while still keeping the resource usage down for the common case of
few partitions (with potentially short names).
Fixes#4782.
The implementations of snprintf and vsnprintf are not needed for the
loading of png images by the demo applications. So we can avoid the
dependency from the format library hosted in the libports repository.
Issue #2064
This commit introduces support for the HMB feature and will setup the
buffer during start-up. The host-memory-buffer (HMB) feature is mostly
used on NVMe devices that do not make use of an DRAM cache to store its
translation tables amongst other operational data. Not using HMB can
impair the performance on such devices.
The memory is allocated in 2 MiB chunks of DMA-capable memory and its
total size in bytes is configurable via the 'hmb_size' config attribute.
The driver always checks the minimal and preferred size of the HMB and
issues a warning in case it is not enabled via the configuration.
Moreover, if the configured size is less than the minimal amount
required by the device the HMB is not configured at all and a warning
is issued also. If the configured size is more than the preferred size
it will be capped to that amount.
Fixes#4715.
This patch converts the loader implementation to the 'Session_object'
interface to implement the ability to upgrade the session caps and RAM
after after the session creation. This is needed to accommodate the
change of the Loader::Connection in commit "Remove format strings from
connection types".
Issue #2064
This patch ultimatedly removes format strings from Genode's base API.
Users of the former base/snprintf.h and base/console.h headers may
use the free-standing 'format' library hosted in the ports repository.
Fixes#2064Fixes#3869
This little library implements rudimentary format-string support. It is
useful for porting 3rd-party code that ought not depend on a full libc.
Issue #2064
The new 'Connection' constructor accepts the session label, affinity,
and args as constructor arguments. The session arguments are passed as a
'Genode::String'. This allows for side-stepping the need for rendering a
format string passed to 'Env::session'.
Issue #2064
The additional files provide Chacha implementation in case
may_use_simd() returns false because in_interrupt() returns true.
Related to issue #4778, commit "lx_emul: track irq state changes"
Implement udelay for all architectures within common lx_emul code,
remove driver-specific version.
Always do busy looping in udelay and use cpu_relax()
like the original Linux code. Thereby, we profit from architecture specific
instructions (cpu cool down), and jiffies are updated if irqs are on.
Ref genodelabs/genode#4778
There are rare use-cases where cpu_relax is used inside a busy loop
(i2c bus functions), which only will break when the jiffies counter
reaches a specific value.
Because of the cooperative scheduling done in lx_emul, no timer
interrupt will break such a loop. As a workaround, we check for
necessary jiffies updates inside cpu_relax if interrupts are enabled.
Ref genodelabs/genode#4778
To be able to check for interrupts being on or off,
the enabling and disabling is tracked in lx_emul.
When interrupts get received, they have to be turned off.
Ref genodelabs/genode#4778
Do not start and stop idle ticking within the timer interrupt
routine, but do it around the whole Lx_kit scheduling, which
is always called when Linux code gets active again, either
because of backend signals, interrupts, or timing signals.
This commit implicitly reverts the (incomplete) solution of
issue #4550
Ref genodelabs/genode#4778
Linux kernel static functions usb_string_sub() and usb_get_langid() were
made accessible to implement robust string rerieval.
Fixes#4756Fixes#4757Fixes#4772
The namespace draws a clear line between the base library and the core
component.
It is declared at the new core-local header <types.h>, which is expected
to be included by all code of the core component. It is thereby a
natural place for kernel-agnostic general types like commonly used C++
utilities.
Fixes#4777
Implicitely fixes problems with USB devices having more than 4G blocks.
Formerly the 16-Cmd LBA requests were silently casted to 32-bit.
Fixgenodelabs/genode#4771
In case the packet is erronous the value of 'actual_size' can be
invalid and using it may lead to a page-fault due to out-of-bounce
access.
With this commit access is only performed on successful packets.
Fixes#4763.
Workers are only summoned by the manager or when there are no workers on
a work queue. In case a work in front of a work queue depends on a work
behind it, a deadlock may occur. To solve this Linux spawns a rescue
worker using timers. Timing of Linux based drivers is currently reworked
and not reliable. Therefore, we increase the number of workers that are
spawned from 1 to 3 per work queue in order to resolve possible
deadlocks.
Fixes#4762
Set wakeup pointer in FADT/FACS tables and prepare/place ACPI resume code
at application processors (AP) 16-bit entry. Exclude memory used for AP resume
from RAM range to avoid usage by Genode core in allocators.
Issue #4669
The CPUs are woken all at once and up to now the IDs are assigned depending
on the arrival order, which is unfortunate for the resume case. Keep track
of once assigned IDs for CPUs, so that on resume the very same CPU id is given.
The APIC id is guaranteed to be fixed per CPU on suspend, but unfortunately
not dense packed.
Issue #4669
The ACPI table FACS and FADT are required to support ACPI suspend/resume. The
commits add the lookup of the ACPI table in bootstrap and the general usage
of the ACPI registers via the MMIO framework.
Issue #4669
Add explicit init() to Timer infrastructure to re-initialize the hardware
based on the parameters given during constructing time of the timer object.
Issue #4669
On resume the CPU state must be re-initialized, since all CPUs have been
potentially off (depending on sleep form) and lost state. Handle the halt
and suspend state explicitly by an extra Job implementation which can be
executed without holding the global kernel lock.
Issue #4669
Instead of re-using the register values found in HCR_EL2 and CPTR_EL2
and setting single bits within them, define the complete content to
prevent inconsistent hardware/hypervisor state.
Ref genodelabs/genode#4759
Several explicit casts could not be avoided yet, due to the missing
differentiation in between virtual and physical addresses that leads
to casting problems when using 32-bit ARM, and because the MMIO
register framework does not allow to return narrowed types of bitfields.
Apart from that, this commit fixes a switch-case fallthrough error in
Mmio_register::write.
Fixgenodelabs/genode#4770
The read_config and write_config functions in the generic virtio
headers used by all drivers lead to compiler warnings resp. errors
if effective-c++ switch is enabled. Moreover, the functions require
to define the access width as parameter. We can better turn them
into template functions using the value type to read resp. write to
derive the access width.
Ref genodelabs/genode#4344
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.
Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.
This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.
Issue #4706
Prior to this change the libdrm Lima implementation supported the
creation of multiple contexts where each context, however, was
treated as the same client like it was done in the Lima driver
itself.
With this commit each context becomes its own client while the
main context always performs all buffer object related allocation
and the other context import each needed BO before submitting.
Fixes#4760.
Sync file-descriptors a purely virtual and are not known by the libc and
should be only accessed by 'drm_poll'. To prevent accidental access move
them to range never used by the libc fd allocator.
Issue #4760.
We determine the owner of a Vram object by the session cap of the
session that created the object. We should not copy this cap to other
places because this increases reference counting, that can become very
large with many objects. Therefore, we pass a wrapper 'Owner' object
containing the cap by reference.
issue #4713
* 'map_buffer', GTT mappings are currently not used by Iris
* 'set_tiling', tiling is currently not used by Iris because there are
no GTT mappings
issue #4713
Change the abstraction from buffers to video RAM (VRAM). The notion of
buffers can be provided at the client side (e.g., Mesa) and multiple
buffers can be there be associated to one VRAM area, thus saving
resources (meta data overhead) when allocating many buffers. A VRAM area
can also be mapped to one single buffer as before for clients or drivers
that do not take advantage of this feature.
issue #4713
by checking for it in core, submitting a signal (if registered) and not
replying instantly. Before this commit, an exception (a non page fault)
caused and endless "unknown exception" loop between originator and core.
This was handled before commit "core: kernel-agnostic 'Mapping' type" by
throwing an exception, which was with that commit not working anymore.
Fixes#4751
Segment assignment stays valid for all sections following .dynamic,
which implies that .got and co also end up in the PT_DYNAMIC segment.
This is not intended. Therefore, we move the .dynamic section before
bss and assign bss to the rw PT_LOAD segment only.
fixes#4750
The screenshot trigger displays a little red dot at the upper-left
corner of the screen. When touched or clicked-on, it generates an
artificial key-press-release sequence for the print key and disappears
for one second. In this time, a separate screenshot component can handle
the print key by capturing the screen without the red dot appearing in
the saved picture.
The touch-keyboard config accepts the new attributes 'opaque="yes"
and 'background=#112233' to control the dialog background. The
attributes are passed unmodified to embedded the menu view.
This patch add the support needed for implementing on-target
system-update functionality. The new 'empty' method is required for the
two-step procedure of updating image-index files - removing the old
index, followed by downloading the most current one. It is used to the
detect the completion of the first step.
Issue #4744
This patch reflects more details such as the percentage value for
downloads maintained in the download queue. This makes this information
easier to display at the GUI.
Issue #4744
This patch replaces the generic "In progress..." message by slightly
more concrete information about the type of operation. This is useful to
distinguish the two steps during the expansion of a partition.
This patch enhances the depot_download subsystem with support for
downloading and querying system images.
The installation ROM support the following two now download types:
<image_index path="<user>/image/index"/>
<image path="<user>/image/<name>"/>
Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:
<images user="..."/>
<image_index user="..."/>
If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.
The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.
Issue #4744
The 'scan' query for depot users used to list the names of depot users.
However, the URL and existence of a pubkey is useful to know when
assembling a GUI menu from this list.
Issue #4744
This patch improves the Readonly_file::read method such that the
capacity of the specified buffer is used as upper bound for the read
operation instead of VFS-internal I/O buffer sizes. This relieves the
caller from implementing a read loop in most cases.
As a step away from C-ish use of the API, the patch deprecates the old
'read' method that takes the buffer as char *, size_t arguments.
Fixes#4745
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.
This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.
Related to #4592
The new utility returns a key code for a passed name and is implemented
by linear search, which is slow but sufficient in situations like config
updates.
Issue #4748
The leading newline in the _capture function confused _filecontent,
which resulted in empty port hashes.
Fixes regression introduced in 437fd21ba0
(issue #4725).
lwip uses a sophisticated reference-counting scheme in chains of pbufs,
which the former manual implementation of read() for TCP data broke.
Using pbuf_free_header() keeps the chain intact and also relieves our
implementation from the burden of "offset" maintenance.
Fixes#4722
Due to lacking hardware access the driver was test with one RTL8188EE
based device, namely [10ec:8179] (rev 01), only. As the access to the
PCI config space is restricted the driver loads the non power-saving
FW and the driver port is therefor only tested with that. The
accesses are documented should we choose to support them one way or
another later on.
The 'wifi.run' run script as well as Sculpt served as testing ground
where the driver worked fine so far.
Fixes#4714.
Check if we are able to submit the Usb packet before attempting to
allocate it. In case the queue is already full we wait until another
pending packet is freed.
Fixes#4701.
Up to now it was only checked if an issued admin command was processed
in a timely fashion. Otherwise it has been treated as failed.
However, the completion-queue entry was not examined and the caller was
not able to access the entry itself. Depending on the command, checking
the completion-queue entry might be necessary, e.g. GET/SET_FEATURE.
Issue #4715.
Since the 'Platform::Device' constructor will defer the creation until
the content of the devices ROM is valid performing the PRP list helper
creation afterwards should be done with valid IOMMU information.
Issue #4715.
Some USB devices (e.g., webcams) fail to deliver their configuration
descriptor early after power-up. Testing revealed that retrying the
requests usually succeeds on second or third attempt.
Fixes#4739
Genode build system allows to easily enable 'ccache' for builds. This
change allows to enable using 'ccache' also for build of reference
Linux kernel used during porting device drivers.
To enable 'ccache' it is enough to pass value of 'CC' variable when
executing Linux build but this build by default depends on time when it
is built which causes 'ccache' misses. To solve this issue additional
flags are passed to make build independent from time, current user and
host on which build is performed.
Issue #4718
With the new 'presets:' tag, .sculpt files can now refer to deploy
configurations to be integrated in the presets/ subdirectory of the
config file system. Those files can thereby be used as preconfigured
system scenarios. Such a preconfigured scenario can be loaded at
runtime by copying the preset file to config/deploy.
Issue #4731
In case of very rapid config ROM change (<300ms), the linux driver may still
be in progress of applying the previous change (e.g. switching connector on/off).
During this progress all tasks may become not runnable (waiting for IRQ/timeouts
until hardware state settles), the newest config ROM change/signal gets
dispatched, which lead to continuing the previous change request, but not
to re-starting/re-applying the new config change. To avoid this situation,
explicitly track whether a previous config change was finished and track if an
interim config change request came in. If so, re-start the lx_user
task with the newest config change.
Fixes#4721
* Update links from forward rules only with forward rules and links from
transport-routing rules only with transport-routing rules. Besides raising
the performance of the code, this also fixes a former bug that allowed
forward-rule links to falsely stay active because of a transport-routing
rule that matched the client destination ip and port.
* Don't use good-case exceptions for updating TCP/UDP links on re-configuration
of the router.
* Make conditions when to dismiss a forward rule easier to read.
* Introduces != operator to the public Port class in the net library.
* Fix unnecessary log message that a link was dismissed when only a potentially
matching forward rule turned out to be not matching.
* Apply Genode coding style to if statements with a single body statement.
Fix#4728
This fixes a bug that was introduced by this earlier commit:
"nic_router: find forward rules w/o exceptions"
The NIC router used to falsely dissolve TCP/UDP connection states when
reconfiguring although the connection states were still legal according to the
new config. The reason was that the above mention commit nested lambdas but
missed to return from the last nesting level when having found a configuration
that legitimates the connection state.
Ref #4728
Tests on qemu would fail when started with RAM sizes from 1025MiB to
2048MiB, because the the mapping hole in the page table from 1GiB to
2GiB would interfere with qemu's mapping addresses for ACPI.
Identity-map the complete first 4GiB of memory to catch all early
memory accesses during bootstrap.
Fixes#4724.
This patch simplifies the 'Deploy::update_managed_deploy_config'
interface by keeping an internal copy of the currently used deploy
template inside the 'Deploy' class. The template is updated whenever
the config/deploy file is modified.
This change weakens the coupling between the '_manual_deploy_rom' and
the '_deploy' subsystem, easing the upcoming implementation of the
switching between presets.
Adds befriended test-local wrappers for the classes Cpu_share and Cpu_scheduler
and adds a print method to the scheduler wrapper that prints the internal state
of the scheduler to the given output. Cpu_shares are referenced in the output
via a the IDs that the test uses to organize them. I.e., this corresponds to
how the CPU shares are named when calling the atomic steps the test is made of.
Ref #4151
Ref #4710
This adapts the test to the changes that were applied to the scheduling scheme
by the following commits:
* base-hw scheduler: optimize quota depletion events
* base-hw scheduler: fix bug on removing head
* base-hw scheduler: fix ready method
* base-hw: optimize & cleanup scheduler
Part of that is that the test used to check whether the act of setting a share
ready outdates the head or not. However, with the current version of the
scheduler, this check is not possible anymore. We can merely check whether the
head is outdated after setting the share ready. So, among other adaptions, this
commit adapts the expectations of the test to the new semantics of the check.
Ref #4151
Ref #4710
* Get rid of preprocessor macros.
* Introduce Main as class.
* Exit with -1 instead of endless loops on errors.
* Don't try to deal with error conditions, just print a message and exit
with -1.
* Only one operation per line.
Ref #4151
Ref #4710
This is an optimization for the case that a prioritized scheduling context
needs slightly more time during a round than granted via quota. If this is the
case, we move the scheduling context to the front of the unprioritized schedule
once its quota gets depleted and thereby at least ensure that it does not have
to wait for all unprioritized scheduling contexts as well before being
scheduled again.
Note that this introduces the possibility of undeserved starvation of
unprioritized scheduling contexts to the scheduling scheme. If there are
enough prioritized contexts that deplete their quota during a round,
they may cover up also the rest of the round with their unprioritized time
slices. If this happens every round, contexts without a priority/quota may
never get a turn. In the previous scheduling scheme, this could not occur as
the unprioritized schedule was completely independent from prioritized
schedules and rounds.
Ref #4151
Ref #4710
The scheduler did not consider the consumed quota during a call to "update"
if the head that consumed the quota was removed from the scheduler. When this
occured, the internal round time did not advance as expected but remained at
its previous value untile the next call to "update" (without a removed head)
This commit introduces a new flag that is set only when the head gets removed
in order to detect and handle the situation correctly on the next call to
"update".
Ref #4151
Ref #4710
Setting the _need_to_schedule member in the 'ready' method of the scheduler
was not done correctly. At least, the _need_to_schedule was set true in
situations were the head was not outdated by the 'ready' operation.
Ref #4151
* Remove *request* in context of: wait, reply, send to shorten it.
* Use ready_to_* instead of can_*, which is regularily used in Genode's APIs
* Replace helping_sink with helping_destination, as destination is more common
Ref genodelabs/genode#4704
The IPC protcol violations are:
* Sending to an unknown thread (cap)
* Waiting for messages if a reply hasn't happened yet
This silents threads that otherwise repeatedly cause kernel messages
about the violation.
Ref genodelabs/genode#4704
* Split the internal state into incoming and outgoing message relations
* Avoid fragmenting of one state like formerly '_state' and '_help'
* Remove pointer to caller, use incoming FIFO instead
This commit fixes at least two bugs that were triggered by tests that
destroy threads in many different states, like run/bomb:
* The '_help' data member was not reset reliable in each situation where a
helping relationship came to an end. However, when we fixed this bug alone
in the old state model, the issues remained. The new state model fixes
this bug as well.
* A thread sometimes referenced an already dead thread as receiver. This caused
the kernel IPC code to access the vtable of an object that didn't exist any
longer. Note that the two threads were not in direct IPC relationship while
the receiver was destroyed, so, there must have been an intermediate node
between them. Due to the complexity of this problem, we eventually gave up
pin-pointing the exact reason in the kernel IPC code. The issue disappeared
with the new state model.
Fixgenodelabs/genode#4704
When writing the GPT header, the tool always wrote the GPT entries
belonging to the primary header to LBA following the header. Normally
this is LBA 2 as the header is located in LBA 1. The GPT allows for
up to 128 entries that all in all cover 16 KiB of storage space.
However, on some systems, e.g. ARM-based machines, the bootloader can
be stored in this region. For this reason the GPT entries may be moved
to a different LBA.
This commit changes the tool to adhere to then given GPE LBA in header
when writing out the modified GPT data.
Fixes#4720.
The old 'Io_response_handler::io_progress_response' interface has been
replaced by the 'Vfs::Env::User::wakeup_vfs_user' (issue #4697). The
remaining 'read_ready_response' method is now hosted in the
appropriately named 'Read_ready_response_handler'.
Issue #4706
This patch keeps driving the internal state machines until no progress
can be made. This required fixing the return values of several execute
functions, which used to report progress while being in complete state.
Along the way, the patch removes default switch cases to ensure that all
states are covered.
Issue #4706
This commit supplements the various I/O signal handlers of the VFS
plugins with calls of the new 'Vfs::Env::User::wakeup_vfs_user'
interface, which will subsequently replace the old 'Io_progress_handler'
(issue #4697).
Issue #4706
The 'blocked_handles' queue was used to notify the VFS user via the
'io_progress_response' mechanism. This is now covered by the
'wakeup_vfs_user' interface introduced in issue #4697.
Issue #4706
