The Superblock Control module now issues a snapshot garbage collection on each
incoming request. In return for that, the commit removes all calls to the
garbage collection from other modules.
Ref #4971
The Virtual Block Device module used to create a local copy of the Snapshots
array respectively Snapshot root it received with an incoming request. After
finishing the VBD operation on the copy, the source module of the request
used to back-copy the resulting Snapshot array resp. Snapshot root. This is
not only less efficient than referencing but also allowed a bug to sneak into
the new C++ implementation.
In contrast to the old Ada/SPARK implementation (CBE), the new design doesn't
allow for global objects that can be accessed by any module without receiving a
reference in a module request. Therefore, the Free Tree module has to receive a
reference to a Snapshots array with each request in order to be able to use it.
In our case, these requests are allocations for a "Write" operation from the
VBD. However, the VBD itself receives only the one Snapshot required for
writing and therefore causes the Free Tree to make bad decisions on whether or
not a block can be re-allocated or not.
With this commit, the VBD always receive a reference to the whole Snapshots
array and also propagates it this way to the Free Tree.
Ref #4971
This is function gets called by some libssh applications using vms_lxip.
For the dummy implementation I looked at the old port.
Issue genodelabs#5161
Issue gapfruit#1976
- always assign apps/overlay to targets (visible=true/false) to
prevent 0x0 geometry, which is interpreted as close
- add QMenu as exampel to panel button
- use usb-tablet on Qemu
Per default, windows assigned to targets are visible, which can be
changed with the new boolean "visible" attribute. Thus, window can be
hidden without changing their geometry.
Before, the current back-most window was not restacked if it was part of
the already, which lead to partially inconsistent view of the window
stack between decorator and nitpicker.
The added hook 'OBJ_POSTPROC_SRC' gives us a way to post-process object
files for generating supplemental code. By using this hook, the
initcall_table.c generated by import-lx_emul_common.inc gets reliably
executed after all object files are built.
Fixes#5159
The option is used during the generation of initcall_table.c.
However, it happens to strip the first argument following the option.
The long option --defined-only works as expected.
Issue #5155
Due to a bug in the original implementation, the size of the MMIO
range covering the 'Request_sense_response' data was set too large
during the MMIO boundary change. This rendered devices that were not
yet ready and required an 'Request_sense' command unusable.
The commit also adapts all other commands where the MMIO size does
not match the expected one.
Fixes#5133.
The commit adds support to throttle the rate of the RX IRQs to a specified
value. The effect is, that no RX IRQs below the time threshold will fire and
therefore the CPU load gets reduced on the host. Trade-off gaming between
cpu load, throughput, overload.
Modular Sculpt 23.10 on S938 as testcase. In brackets the CPU affinity is
denoted.
ipxe (0,0) -> nic_router (1,0) -> Debian VM vbox6 (3,0) and (3,1)
VM: iperf -C X.X.X.X -t 60 -R
iperf server X.X.X.X is outside Sculpt and sends data due to '-R' to VM
Non representative measure points:
cpu load - ipxe - nic_router - iperf throughput
--------------------------------------------------
w/o patch - ~80% - ~50% - ~706 MBit/s - 0 -> throttling off by default on S938
patch 651 - ~20% - ~35% - ~763 MBit/s - 651 -> 0.166ms throttle RX IRQ
patch 5580 - ~15% - ~25% - ~650 MBit/s - 5580 -> 1.4ms throttle RX IRQ
Issue #5149
A bunch of transmit requests received by the Uplink server (nic_router)
are currently added one by one to the ring buffer and every time the hardware
is notified to process each single request.
Instead, add as many as possible transmit requests in the ring buffer of
the hardware and when done trigger the hardware to process the ring.
Additionally, don't receive an "processed" TX IRQ for each element in the
ring, which causes high CPU load.
With this commit the TX IRQs in the ipxe driver for a
iperf -c X.X.X.X -t 60
from within a VM to the outside iperf server is reduced from about
~2'600'000 IRQs to about ~200'000. The overall CPU load for the driver
(when executed alone on CPU 0) is reduced from ~85 percent load to ~45 percent
load.
Issue #5149
during receive the nic_ep may block as long as the guest does not provide
another receive network descriptor. In the meantime, all Genode signals
regarding the network interface, e.g. tx, will be postponed, which may
effect the throughput.
Instead use the nic_ep for rx packets unblocking. Add an notification mechanism
to the e1000 vbox network model, to notify us as soon as the guest added new
receive descriptors in the model.
Issue #5146
For pbxa9, Qemu is started with only 256 MiB for foc but with 768 MiB
for base-hw. By reducing the RAM quota for all start nodes within the
remote scenario, each component gets enough RAM quota to breathe.
When wrongly invoking the run script by specifying a skipped test
as its only TEST_PKGS argument, the run script fails due to a wrong
tar argument order. Let's better reflect this condition to the user
ahead of invoking tar.
With `MAP_FIXED` absent from the mmap(3p) flags, "the implementation uses
addr in an implementation-defined manner to arrive at pa", which may
lead to a mapping at an address diffent to the requested `addr`.
Add `MAP_FIXED` to the mmmap flags to force mapping to the specified
address.
Fixes#5147
Such messages can occur by chance when killing 'echo' while the program
blocks in an IPC call. It gets killed nevertheless. So the message does
not hint at a failure of the test.
In the context of #5138, the timer drivers for NOVA and base-hw had been
changed to support timeouts at a precision of 250 us (from formerly 1 ms).
Adjust the test to the new expected lower bound.
The dynamic buffer allocation increases the RAM demand slightly beyond
1M on seL4. Use 2M, as is already the default in pkg/terminal_crosslink.
Issue #5135
Replace the USB session API by one that provides a devices ROM only,
which contains information about all USB devices available for this client,
as well as methods to acquire and release a single device.
The acquisition of an USB device returns the capability to a device session
that includes a packet stream buffer to communicate control transfers
in between the client and the USB host controller driver. Moreover,
additional methods to acquire and release an USB interface can be used.
The acquisition of an USB interface returns the capability to an interface
session that includes a packet stream buffer to communicate either
bulk, interrupt, or isochronous transfers in between the client and the
USB host controller driver.
This commit implements the API changes in behalf of the Genode C API's
USB server and client side. Addtionally, it provides Usb::Device,
Usb::Interface, and Usb::Endpoint utilities that can be used by native
C++ clients to use the new API and hide the sophisticated packet stream API.
The adaptations necessary target the following areas:
* lx_emul layer for USB host and client side
* Linux USB host controller driver port for PC
* Linux USB client ports: usb_hid_drv and usb_net_drv, additionally
reduce the Linux tasks used inside these drivers
* Native usb_block_drv
* black_hole component
* Port of libusb, including smartcard and usb_webcam driver depending on it
* Port of Qemu XHCI model library, including vbox5 & vbox6 depending on it
* Adapt all run-scripts and drivers_interactive recipes to work
with the new policy rules of the USB host controller driver
Fixgenodelabs/genode#5021
For now this import file is solely there to satisfy the mechansim
in Goa that collects and incorporates import files for used APIs.
Issue genodelabs/goa#81.
The kernel timer used to truncated timeouts to the next lower
millisecond, which not only limits the wakeup accuracy but also results
in situations where a user-level timeout is triggered earlier than
expected. The latter effect results in the observation of a spurious
timeouts and the subsequent programming of another timeout.
The patch solves the problem by preserving the sub-milliseconds bits
in the 'us_to_ticks' implementation(s).
Issue #5142
This patch modifies the mixer's time window allocation by modelling the
drift of the period length over time. This yields a much better
stability of the detected sample rates in the presence of jitter.
Issue #5132
This patch caps the busyness of the rump kernel, which normally calls
sleep with timeouts between 0 and 10 ms even when idle. On Sculpt
running on a x250 laptop, this patch saves 0.4% CPU load, which is
almost the half of the idle load.
Issue #5140
This data structure uses an AVL tree to maintain a time-sorted set of
alarm objects. It supports the use of circular clocks of an bit width.
Issue #5138
The format library is required, otherwise the binary isn't build. This
regression was introduced in
acpica: provide verbose config (issue #5083)
Fixes genodelabs#5136
The package depends on two resources.
- A Nic session should be routed to the nic_router "http" domain make
the HTTP server available from the outside on forwarded port 80.
- A File_system session labeled "webroot" can be routed to any server
by relabeling the session, e.g., to "report" or "config" in parent.
Sculpt deploy exmaple exporting report_fs via HTTP.
<start name="lighttpd" pkg="lighttpd">
<route>
<service name="Nic">
<child name="nic_router" label="http"/>
</service>
<service name="File_system" label="webroot">
<parent label="report"/>
</service>
</route>
</start>
Newer Qemu variants quit with an error about already existing devices
if the same device-id is add and removed in a loop fast. To circumvent
this strange behaviour, simply use consecutive device id numbers.
Ref genodelabs/genode#5021
This patch was back ported from upstream Mesa and generalizes the memory
management of buffer objects used by the binder. Before this patch the
binder was treated as a special case where buffer objects were allocated
with a simple "next block or wrap" allocator. With this commit the
binder now uses the vm_heap allocators as done by all other buffer
allocations which leads to issues with reference counting and object
destruction being resolved.
Original commit message:
We're moving towards a path where all contexts share the same virtual
memory - because this will make implementing vm_bind much easier - ,
and to achieve that we need to rework the binder memzone. As it is,
different contexts will choose overlapping addresses. So in this patch
we adjust the Binder to be 1GB - per Ken's suggestion - and use a real
vma_heap for it. As a bonus the code gets simpler since it just reuses
the same pattern we already have for the other memzones.
This patch contains the mobile variant of Sculpt OS, which evolved
at the genode-allwinner repository until now. In consists of the
following parts:
- gems/src/app/phone_manager plays the role of the sculpt manager
- sculpt/phone-linux allows for test driving the mobile
variant on base-linux
- gems/src/app/dummy_modem mockup of a modem's behavior, used for
GUI development and testing
The parts targeting a specific device (PinePhone) remain local to
the genode-allwinner repository.
To give it a try:
make run/sculpt_test KERNEL=linux BOARD=linux \
SCULPT=phone LOG=core DEPOT=tar
Fixes#5125
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Fixes#5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Issue #5101
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
Issue #5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start GPU job scheduling on resume
Fixes#5081
This commit replaces the mapping of DMA buffers and gets rid of the
bounce-buffer handling, which was introduced to prevent data
corruption noticed when utilizing USB storage with Windows 10 guests,
with accessing the buffers directly.
Due to the way Windows 10 at times manages its DMA memory (many small
pieces instead of few larger ones) the unbounded registry becomes a
problem when containing stale entries.
Changing the 'qemu-usb' implementation allows for using 'read_dma'
and 'write_dma' directly.
Fixes#5121.
This patch enhances the audio driver with the option to operate as a
client of the record and play services instead of providing the audio-in
and audio-out services. The record/play mode can be enabled by setting
the 'record_play="yes"' config attribute.
The audio_in.run and audio_out.run scripts support the selection of the
mode via the 'use_record_play_sessions' hook function.
Issue #5097
A read with MSG_PEEK returns -1 and EGAIN/EWOULDBLOCK in case the socket
is connected. Zero is only returned if the socket is disconnected.
isuee #5104
In case the socket is non-blocking, a read with the MSG_PEEK flag set
has to return -1 and EWOULDBLOCK/EAGAIN in case no data is availble and
the socket is connected. Returning zero implies the socket is in
non-connected state. Therefore, check the connection state in this
situation and return accordingly.
issue #5104
- New session interfaces:
- os/include/play_session (for audio playing / mic-input driver)
- os/include/record_session (for audio recording / audio-output driver)
- Mixer at os/src/record_play_mixer providing both play and record services
- Simple waveform player at os/src/app/waveform_player
- Simple audio-signal capturing component at os/src/app/record_rom
- Simple oscilloscpe at gems/src/app/rom_osci (using record_rom)
- Simple test-audio_play for playing raw stereo f32 data
The _gems/run/waveform_player.run_ script illustrates the use of the new
components and interfaces.
Issue #5097
* Move Kernel::Cpu_scheduler to Kernel::Scheduler
(we only have that one scheduler)
* Move Kernel::Cpu_share to Kernel::Scheduler::Context
* Move Kernel::Cpu_priority to Kernel::Scheduler::Priority
* Rename all functions and variables refereing to `claims` to
`prioritzed`, because claims is not that common
* Rename occurrences of `fill(s)` to `slack` to name the time portions
outside of the prioritized quantum
* Get rid of some two-liner sub-functions with only one occurrence
(like `_quota_introduction`, `_quota_revokation`,...)
Ref genodelabs/genode#5115
This private, internal function is used only in one scope,
and therefore not neccessary. But it has nasty side-effects as
it takes the parameter `duration` as reference and changes its
value. Just remove it completely.
Ref genodelabs/genode#5115
The name head is already extensively used in the context of the lists
managed by the scheduler. This terminology duplications does not simplify
reading the code. Instead we keep head for the first item in the list,
but use `current` in the variable name and API of the `Cpu_scheduler`
class to refer to the current scheduled share.
Moreover, the `_head_quota` is now `_current_time_left`, because it does
not denote quota but time left for the current schedule. The boolean
variable `_head_claims` gets removed at all. It duplicated the state of
whether a current share ist set, and whether it has so-called claim time
left.
Ref genodelabs/genode#5115
Give certain scheduler class wide variables and functions clear names:
* quota => super_period_length
* residual => super_period_left
Ref genodelabs/genode#5115
Replace double linked list by normal Genode::List with an additional
pointer to last list member to efficiently handle the scheduler share lists.
Moreover, move it into the private part of the Cpu_scheduler class,
the only scope where it is used anymore.
Ref genodelabs/genode#5115
Minor changes that should not change any semantics:
* Remove `_next_fill()` its short and only used in one context,
in which it is good to know what that code actually does
* Turn boolean values into actual boolean values
* Remove some brackets around one-liner pathes
Ref genodelabs/genode#5115
The `_head_was_removed` variable got introduced in solving #4710, but it
reflects only whether `_head` is a valid pointer or not, thereby it
duplicates state.
Ref genodelabs/genode#5115
Check if controllers port count matches number of ports found in the
port implemented register. In case counts don't match print a diagnostic
message for debugging purposes.
issue #4081
The key element of the improvement is differentiated processing of
events of the following device types.
Mouse: relative motion
Pointer: absolute motion (Qemu usb-tablet and IP-KVM devices)
Touchpad: relative motion via absolute touchpad coordinates
Touchtool: absolute motion (e.g., stylus)
Touchscreen: absolute motion and finger (multi-) touch
Processing is done in two stages for one "input packet". First, all
events of the packet are recorded into the current evdev state with
device-type specific operations. Then, appropriate Genode input events
are generated from the accumulated evdev state in the submission stage
(again by device-type specific functions).
A simple version of tap-to-click was added to the touchpad support.
Fixes#5105
The <transform> filter configurably transforms touch and absolute-motion event
coordinates by a sequence of translation (move), scaling, rotation, and flipping
primitives in sub-nodes.
Issue #5105
Per default, only key presses and releases are logged. The optional
'motion' attribute (boolean) enables logging of motion and touch events.
Issue #5105
This commit enables generic Linux multi-touch support as well as support
for the Wacom Intuos/Graphire tablets as found in the previous version
of the USB HID driver. Events are not properly propagated through
Genode's Event C-API, yet, which will be a follow up.
Issue #5105
When SMP is enabled multicore specific instructions (e.g., pldw) are
generated. These are not supported and lead to invalid instruction
faults on uni-processor systems (like Cortex-A8). Therefore, we disable
SMP for arm_v7 in Linux code. This requires also a switch from the RCU
tree implementation to RCU tiny, which we shadow and dummy implemented.
issue #5104
Until now, in case 'jent_entropy_init' failed an error has been produced
and the following jitterentropy functions (i.e.,
'jent_entropy_collector_alloc') where called nevertheless. In case we
received a bad time source error, for example because the performance
counters are not working on the platform, the entropy collector did not return (endless
loop).
Therefore, this commit treats the failed jitterentropy initialization
not as an error but prints a warning about poor randomness quality and
stops using the jitterentropy library from this point on. The
'Jitterentropy::gen_random_u64' will in this case return the address of
a stack variable * some counter.
This is only a interim solution to make platforms work where performance
counters or TSC values do not exist/work.
issue #5104
The IP for the connect timeout test should be in another nic_router
domain, so ARP request are only processed be the nic_router and no other
IP stacks.
issue #5104
Adjust the plugin to use the socket C-API found under
dde_linux/src/lib/lxip/include/genode_c_api/socket.h'.
This is the first minor step in generalizing the plugin.
isse #5104
The lxip_raw.run script will spawn a client/server scenario that tests
Genode C-API calls. The scenario can be used standalone, meaning no
actual network card is required.
issue #5104
This commit updates lxip from version 4.4.3 to 6.1.20. It uses the
current lx_kit approach and is a shared library again. The stack has
been tested for x86_32/x86_64/arm_v6/arm_v7/arm_8.
The C-interface of the IP stack can be found under
lxip/include/genode_c_api/socket.h.
issue #5104
CONFIG_X86_USE_PPRO_CHECKSUM is a 'def_bool y' and gets re-enabled by
'make olddefconfig'. The PPRO version contains text relocations which we cannot
have in binaries (e.g., 'lea 45f(%ebx ...).').
issue #5104
add bottom half enable/disable to functions with suffix "_bh" were
missing, because some functions release the bottom half separately
(__neigh_event_send).
issue #5104
Add the possibility to execute a module-init call by name using
'lx_emul_init_call', this is used, for example, by lxip to configure and
re-configure the IP address through 'ip_auto_config'.
issue #5104
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).
That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.
Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.
The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.
The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.
Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.
Fix#4081
I2C EEPROMs of the type at24xxx are really slow (ca. 10 kHZ).
This adds the `bus_speed_khz` attribute to the config of the driver and
adapts the i.MX8 driver to support the feature.
Issue gapfruit#1996
Fixes genodelabs#5090
The physical address of the memory used for the guest VMCB is already
present in Vcpu_data. Use the information there instead of storing the
physical address in the host data area, thereby freeing up 8 bytes for
a bigger Mmio class.
Issue #4081
Hitting a BOSD in a Windows guest in Virtualbox 6 leads to calling
`DBGFR3ReportBugCheck`, which leads to the following error since it is
unimplemented in our port:
```
Error: DBGFR3ReportBugCheck: DBGFR3ReportBugCheck called, not implemented, eip=0x1a5c4e4
```
Including the actual method from Virtualbox 6 enables logging
diagnostics for the Windows Blue Screen of Death (BSOD).
To see Blue Screen logging output, enable "dbgf" and "gim" logging
via the `VBOX_LOG` following environment variable in the vbox6 runtime
config.
When manually triggering a BSOD in the Windows guest, this should
produce the following logging diagnostics:
```
GIM: HyperV: Guest indicates a fatal condition! P0=0xe2 P1=0x0 P2=0x0 P3=0x0 P4=0x0
GIMHv: BugCheck e2 {0, 0, 0, 0}
MANUALLY_INITIATED_CRASH
```
Fixes#5099
The libc's internal calculation of the tv_sec and tv_nsec fields must be
based on the same ms value. Otherwise, tv_sec is not always immediately
incremented whenever tv_nsec wraps. For applications, this inconsistency
can result in observed jumps in time.
Fixes#5098
Functions registered with 'module_init' (i.e., '__define_initcalls'),
'OF_DECLARE', and 'DECLARE_PCI_FIXUP_CLASS_FINAL' used to be static
constructors and had be explicitly registered using
'exec_static_constructors' before executing any Linux code.
With this commit we remove the constructor attributes from these
functions and create a global function pointer in the form of
__initptr_<name>_<id>_<counter>_<line number of macro>
'import-lx_emul_common.inc' will collect these '__initptr' symbols after
the compile step and generate a 'lx_emul_register_initcalls' function
that executes the functions pointed to. This step is now automatically
performed in 'lx_emul_start_kernel'. This way a call to
'exec_static_constructors' can be omitted in case there are no other
constructors in place.
issue #5096
The former implementation relied on input drvdata always pointing to
struct hid_device, which is not true for Wacom touch devices (at least).
Now, we implement the input handler for devices providing LEDs
(evbit[EV_LED] set) only and use input_inject_event() to set the LED
states.
This commit brings the etnaviv back end implementation in line
with the one from lima. Since the etnaviv driver itself handles
different contexts implicitly rather explicitly like lima and
iris for the moment only a main-context is used for all operations.
Issue genodelabs/genode-imx#8.
Uploading large files via HTTP PUT failed when the file system was
accessed via a file system session because lighttpd opened the
destination file with O_NONBLOCK and the write operation stalled
at some point.
genodelabs/genode#5093
These domains allow for the hosting of plain http and telnet servers
reachable from the outside. The change is designated for the goa
testbed.
Issue #5092
The commit is a preparation commit for suspend/resume. It prepares the GPU
structures relying on gmadr.cap() (MMIO) to be re-constructible by applying
the with* pattern to context, ring_buffer and ggtt mmio map. It removes
the managed dataspace handling of gmadr subsets to make the with_* pattern
possible.
Issue #5081
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the GPU driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
With this change, it will be possible in follow up commits, to release
the platform device and to re-acquire it and its resources, e.g. mmio, irq,
gmadr.
Issue #5081
- add PS/2 input drivers
- add GPU client test case - glmark2
- remove display driver before suspend
- route log output via terminal on display to gather information, since in
most cases serial/AMT is not available after ACPI resume
Issue #5081
Clearing very large RAM dataspaces could fill up core's page table,
because the dataspaces are locally mapped to clear them.
This would manifest in a loop where exhausting the local page table
leads to its flushing (which does not work for core) and a retry that
again fills up the page table and so on.
To prevent this, flush RAM dataspaces in chunks of at most 128MiB.
Fixes#5086
If "verbose" is set to true in the config, AcpiOsPrintf etc. are enabled
to log to a dedicated LOG session using the Format:Console utility.
Issue #5083
Prevent errors if precision and left alignment are part of the string.
String precision is applied to limit access to the configured number of
characters but ignored for other types.
Issue #5083
The axis IDs correspond to 2x analog sticks with 2 axes and 2x triggers.
While being at it, the commit changes the Axis_id type to Axis::Id.
Fixes#3669
Failed allocations were still denoted with a successful return value
to the caller. This situation was triggered by artificial testing and
has not been observed yet in practice. In case the 'LIMA_GEM_CREATE'
I/O control fails Mesa will dereference invalid pointers anyway.
Issue genodelabs/genode-allwinner#27.
The frame-pointer-based backtrace does not work without enabling
-fno-omit-frame-pointer explicitly and in most cases leads to page
faults because non-pointer stack values are dereferenced during the
walk. The best we can do is to limit the backtrace walk to the stack of
the current thread to prevent page faults unrelated to the system state
without the use of the backtrace utility.
This commit introduces a printable Backtrace class usable in
Genode::log(), Genode::trace(), etc. The class is based on the new
function for_each_return_address(auto const &fn) that walks the stack in
its limits and calls fn() for each discovered return address on the
stack in the new os/include/os/backtrace.h. Archtecture-specific
stack-pointer retrieval and walk loops are implemented in dedicated
os/include/spec/<arch>/os/for_each_return_address.h files. Also, the
well-known Genode::backtrace() function (which logs the return-address
values) is provided for backwards compatibility.
Fixes#5078
The number of hash entries for TCP/UDP corresponds to the number of
sockets managed by the stack. In case there are more sockets than
entries available, buckets will be created to compensate for the lack of
space. The default values for TCP (524288) and UDP (65536) are meant for
the in kernel that manages all sockets of the user land and leads
to very large hash table allocations (>20MB) during initialization.
Since on Genode a component has its own instance of the IP stack or uses
the VFS server, we do not need these kind of large default settings.
issue #2181
This patch changes the unlink operation of the ram fs to defer the
destruction of a file until it is no longer referenced by any VFS handle.
When unlinked, the file no longer appears in the directory. But it can
still be opened and accessed.
With this change, a parent process of a Unix-like subsystem becomes able
to pass the content of an unlinked file to a forked child process. This
mechanism is required when using the 'exec' command in Tcl scripts.
Another use case is the 'tmpfile()' function.
Fixes#3577
The traced top instance was configured to be active every two seconds
whereas the trace test uses a grace time of only 1.5 seconds before
raising the FOREIGN state of a trace subject as an error.
The state of a trace subject can change only whenever the traced thread
passes a trace point. Hence, with the original configuration, the
release of top as trace subject can take up to two seconds. The patch
reduces the rate to 0.5 seconds to satisfy the expectation of
test-trace.
Following Github support removal for svn [1], dde_rump port fails to
prepare. This commit introduces a new install rule for ports,
'.sparse-git'. It performs a sparse-checkout on the port repository, only
fetching required files.
[1] https://github.blog/2023-01-20-sunsetting-subversion-support/
Co-authored-by: Benjamin Lamowski <benjamin.lamowski@genode-labs.com>
Issue genodelabs#5072
Issue genodelabs/goa#28
According to RFC 1812 ICMP Destination unreachable (Network unreachable)
does not quite our case of clients directly behind the router.
If a packet is to be forwarded to a host on a network that is directly
connected to the router (i.e., the router is the last-hop router) and
the router has ascertained that there is no path to the destination
host then the router MUST generate a Destination Unreachable, Code 1
(Host Unreachable) ICMP message.
Issue #4729
By using `mktime()`, which assumes local time, we render the `TZ`
environment variable ineffective. Instead, `timegm()` should be used to
set the real-time clock to UTC.
genodelabs/genode#5074
The management of Linux page structs is now tied to the life time of DMA
buffers. Thus, page structs are created when a buffer is allocated and
deallocated only when a buffer is freed - not on lx_emul_mem_free()
because DMA buffers are cached. Page struct refcounting was entirely
reworked in lx_emul/shadow/mm/page_alloc.c.
Fixes#4809
When multiple threads (EMT-0..X + nic_ep) enter the very same
critical section, the use of RTCritSectTryEnter may reflect the contention
case to the Network Model (E1000). Since no one notifies the model, when the
critical section is free again, solely the next packet/event triggered by the
guest will resume the former operation. This may lead to long delays until
packets are sent actually.
Instead of using the RTCritSectTryEnter use RTCritSecEnter to avoid the
situation. All of our network code is non blocking, so the network backend
will only be contented a short time.
Follow up commit to
Issue #5045
The devio API in the Linux kernel promised to be a stable layer for our
USB host controller drivers, but the additional bookkeeping and dynamic
allocations increase CPU overhead in a way that we do not accept further.
Therefore, we go a step back and process DMA transactions directly in and
out of the packet stream from the clients.
Fixgenodelabs/genode#5071
Per default Tslab checks that 8 slabs incl. overhead fit into one block.
If this is not desired the template parameter 'MIN_SLABS_PER_BLOCK' can
be used to control the minimum number of blocks.
Fixes#3834
The argument was originally designated to restrict the reach of the
trace monitor but the idea remained unimplemented. It is now superseded
by the use of the trace-session label as trace-subject filter.
Issue #847
This patch changes core's TRACE service to expose trace subjects only if
their PD label matches the label of the TRACE monitor. Hence, by default,
a trace monitor can only observe itself and its child components. Only
if the trace monitor's parent rewrites the trace-session's label, the
view of trace monitor can become broader. For example, when rewriting
the trace label to an empty string "", the trace monitor becomes able to
observe the sibling components hosted in the same init instance as the
trace monitor.
To grant a trace session the special privilege of obtaining a global
system view (including the kernel's trace subjects), the top-level init
has to rewrite the session's label to an empty string. At core, this
specific label "init -> " is handled as a special case that discharges
the filtering/namespacing of trace subjects.
Note that the trace-subject label as reported as subject info is now
given relative to the label of the trace session. As a nice side effect
of this change, the pkg/test-trace_logger works now when executed by the
depot_autopilot as well as via the test.run script.
Issue #847
This option is useful in cases where batching is configured and
failing to fetch a resource should not influence the over-all
result.
Issue genodelabs/genodians.org#32.
In the scope of alloc_dma_buffer(), Out_of_* exceptions might be thrown
at different stages. By adding a Guard object, we make sure to rollback
already created objects accordingly.
genodelabs/genode#5002
As a consequence of the adding IOMMU support to the platform driver,
additional RAM and CAPs are needed for setting up IO page-table
structures.
genodelabs/genode#5002
The platform driver needs additional 2MB of RAM for managing IO page
tables (root table and context tables) that are shared among sessions.
genodelabs/genode#5002
By adding the `irq_type` argument, one can explicitly specify whether to
use LEGACY, MSI or MSI-X interrupts. We formerly used the
`device_phys_config` to implicitly select MSI, however, with the
addition of IOMMU support to the platform driver there is at least one
instance where we need an MSI for a non-PCI device.
Yet, by adding another session argument to the Irq session, we exceed
the character limit for session args. Since not all arguments are
relevant for LEGACY interrupts resp. MSI, we can split the Irq_connection
constructor to handle the two cases separately and omit unneeded
arguments.
genodelabs/genode#5002
DMA buffer allocations are always performed as full pages. However, they
got mapped into the IOMMU domain using the requested size, which may not
be a multiple of the page size. This behaviour was introduced as a regression
by #4761 and is corrected by this commit.
genodelabs/genode#5002
The virtual add_range()-method must not be called from the base-class
constructor since the derived class is not be fully initialized at
this point.
genodelabs/genode#5002
The sculpt manager views only launchers in the + menu that are not present in
the runtime already. However, this check was missing when finding the right
launcher on a click event inside that menu. This could cause the manager to
try deploying an already deployed launcher a again (without any effect)
instead of deploying the launcher that was actually clicked.
Ref #5064
This is a follow-up commit to the adaptation of the run scripts to the
consistent use of [build_artifacts] (issue #4860).
The missing build of libm remained undetected until the recent removal
of implicit shared-library builds (issue #5061).
This patch removes the implicit build of all shared libraries a target
depends on. Targets only depend on the respective ABIs instead. This
alleviates the need to locally build complex shared libraries (think of
Qt) when developing applications. Instead, application developers can
use binary depot archives.
The implementation splits the mk/lib.mk file into three files:
- mk/a.mk for building one static library (.lib.a)
- mk/so.mk for building one shared object (.lib.so)
- mk/abi.mk for building one ABI stub (.abi.so)
Furthermore, the commit moves messages and the collection of build
artifacts to var/libdeps, triggers the build of kernel-specific
ld-<kernel>.lib.so, and prunes the lib-dependency tree at ABIs.
Fixes#5061
- finished tx ack queue should be checked before new allocations
- packets which got not sent must be released in packet stream,
otherwise the network packet stream gets filled up and starves after a while
- rRegister for ack avail packets and process them concurrently to EMT-* threads
by nic_ep thread (thanks @Peter for the findings) + add synchronization.
- add sigh_ready_to_submit to network adapter to improve latency by notifying
the network model explicitly in case we had a full packet stream error case
(_retry resp. VERR_TRY_LATER)
Fixes#5045
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.
Issue #5008
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.
Fixes#5058
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.
Issue #5008
This method allows for the inquiry of the current hovering state,
e.g., to suppress an update of the Wifi accesspoint list while
the list is hovered.
Issue #5008
Issue #5053
Several DMA pools of the EHCI/UHCI USB host controller driver declare
that buffers should not cross 4K boundaries. If this property is not met
fatal errors like NMIs may happen during USB operation.
Discussed in issue #5000
Certain USB devices do not react anymore after an endpoint reset
in the use case of USB devices passed through to a virtual machine.
When investigating the only USB session client that needs the
flush transfers request - namely the Qemu xhci model used in
VirtualBox - there seems to be no need to reset the endpoint in fact.
Fixgenodelabs/genode#5050
USB devio splits large transaction into 16 KiB buffers in scatter-gather
lists. Unfortunately, this mechanism seems unreliable most certainly because
of issue #4809 "DDE Linux struct page object aliasing".
Issue #5036
Currently, running ripgrep on Genode emits
"Warning: sysconf(71) not implemented".
Return -1 without setting errno, which is a valid return value according
to getpwnam(3) and silence the warning.
Fixes#5043
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.
The patch also improves safety by enforcing that list-model elements can
never be copied.
Fixes#4317
This commit adds support to initialize the timekeeping for
the Linux subsystem with the value from the RTC.
Only the seconds part of timespec64 is supported.
Issue genodelabs/genode#4957
FreeBSD libc code uses only a single spinlock instance and, thus there
is no obvious reason why it would need to be implemented as an actual
spinlock. _spinlock() and _spinunlock() functions are implemented with a
static pthread mutex.
Issue #725
This commit adds a new configuration option, `dst_addr` to the
'sntp_client' that accepts either an IP address or a DNS hostname. If a
DNS hostname is provided, the 'sntp_client' will resolve the IP address
before each SNTP request. The 'dst_ip' configuration option is
deprecated but kept for compatibility until 'dst_addr' is fully adopted.
xsd/net_types.xsd: add Net_address type
sntp_dummy_rtc: adjust configuration to use pool.ntp.org
Fixesgenodelabs/genode#5003
`Expandind_pd_session_client::try_alloc` is an overriden virtual method
of `Ram_allocator::try_alloc`. The latter specifies the default Cache
argument as CACHED. The overriden method should either do the same or
not even specify a default argument at all.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
Feed the high-frequent fetchurl reports into a list model to speed up
the subsequent evaluation of the data.
Also limit the rate of state reporting during updates to visible changes
in percent such that most fetchurl reports do not cause any UI activity
(status updating) any longer.
This patch noticeably speeds up the installation of complex packages
(i.e., the morph browser) on the PinePhone.
Issue #5038
The execution of global-static constructors in Genode is optional for
native components or determined in the libc for libc components. By
convention, we avoid static constructors wherever possible but in rare
cases the component can tweak the point when constructors are executed
and initialize an environment beforehand. The wifi_drv applies this
pattern for the uplink initialization, but is a libc component on the
other hand, and, thus, statics in the Genode C API for uplink are
constructed later by the libc. So, the prior initialization is reverted,
i.e. the signal-handler capability becomes invalid.
This addresses a regression exposed by the following commit.
drivers/wifi: perform multi-staged construction
Related to #3509Fixes#5024
Component names can be larger than widget IDs, which are capped at 20
characters. To uniquely correlate the component depicted in the graph
with clicks, this patch uses a dedicated graph ID for each runtime
component instead.
Fixes#5034
This patch allows for the interactive assignment of the system-control role
to a new component via the resource dialog. This is useful for integrating
low-level components like the Intel frequency/power monitoring tool.
Fixes#5033
Commit "menu_view: ignore zero-sized widgets in box layout" introduces
zero-sized child widgets as a special case but defined zero-sized as
zero covered pixels (w*h == 0). However, for layouting, a widget with a
non-zero height and zero width is not zero-sized.
This patch refines the zero-size condition such that only widgets with
both zero width and zero height are considered as zero-sized.
It thereby solves the missing display of empty lines in the text_area
component.
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.
Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.
Issue #5029
This is a follow-up fix for commit "sculpt: apply Dialog API to diag,
panel, and graph", which happened to render the legacy dialogs (network
and settings) inaccessible.
The patch avoids the use of clack seq numbers for the 'popup_opened'
condition (which happens on click, not clack). It also overrides old
click information on the arrival of a new click, avoiding the evaluation
of stale click sequence numbers in distant_runtime.cc. Furthermore, it
reduces the rate of 'Distant_runtime::_try_handle_click_and_clack'.
Issue #5008
On WPA3 encrypted networks the AP picker does not indicate encryption
and does not prompt for a passphrase.
Also indicate an encrypted network when "protection=WPA3", remedying
both issues.
Fixes#5022
Up to now, when using force_*, all other configured modes of a connector
got overwritten and the force_* got enforced. With the commit,
the connector mode is considered (if below max_*) and the resulting
framebuffer may be larger then the dimension of force_*.
Differences in TAR archive member metadata results in unstable depot
hashes. The following properties have to be fixed: modification time
(incl. time zone), numeric owner and group, permission modes.
Releated to #2842
This change allows for the hosting of system-management components
in Sculpt's runtime. The special role must be declared either as
<launcher managing_system="yes"> attribute or in the deploy
configuration's <start managing_system="yes"> attribute.
Issue #5009
Rename locally extended VCPU state from State to Vcpu_state for clarity.
The local namespace only adds two accessor methods, which does not
justify a local generic name.
Ref #4968
Make naming across architectures coherent by renaming Vm_state to
Vcpu_state, to reflect that it contains the state of a Vcpu and not that
of an entire VM.
Ref #4968
Per Affinity::Location a system control cap can be requested. The capability
provides an RPC interface to request and set Cpu_state, as provided by the
former Pd::managing_system(Cpu_state) method. Invocation of those system
control capabilities then *can* (see below) be executed on the desired CPU
as described by Affinity::Location.
The system control cap will be invalid for kernels that don't support
system_control/managing_system functionality at all.
The system control cap will be ever by the same, e.g. ignoring the
Affinity::Location parameter, if the used kernel doesn't support or doesn't
require the feature to execute the system control per CPU.
The commit is a preparation step to add guarded and selective x86 MSR
access per CPU.
Fixes#5009
This patch partially converts the Sculpt manager to the dialog API.
At this stage, both the old utilities and the new dialog API are still
used simultaneously.
Issue #5008
The so-called 'Distant_runtime' implements GUI dialogs via menu_view
components hosted at a distant init instance as opposed to child
components (as implemented by the 'Sandboxed_runtime'). This is
particular the case in Sculpt OS where the sculpt manager is not the
parent of the menu_view instances.
Issue #5008
By renaming 'Dialog' to 'Deprecated_dialog', we become able to use the
name 'Dialog' for the new API while temporarily keeping the original
interface in tact.
Issue #5008
- Increase default timeout to one minute
- Ignore power-button events during display-driver startup to avoid
entering another forced blank when pressing the power button twice.
- Prevent wakeup from user activity except for the power button.
So the volume can be adjusted without leaving the screensaver.
Issue #4950
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.
Issue #5008
Each hover change of the character position within a label results in a
new hover report, which needs to be evaluated by the application. For
the common cases where labels are used as button texts or for presenting
passive information, the level of detail is not needed while the
recurring hover reports induce overhead at the application side.
This patch mitigates this overhead by excluding labels from the hover
reporting by default.
For use cases that actually depend of precise hover reporting of labels,
for example an editable text area, the hover reporting can be enabled by
setting the 'hover="yes"' attribute of the label.
The 'Widget::_version' attribute was meant to allow the deliberate
replacement of a widget by a same-named widget by changing the version
while keeping the name, thereby suppressing any geomety animation.
However, the implementation missed to populate the attribute with the
value provided by the dialog ROM, prompting the unconditional
re-creation of the widget whenever a 'version' attribute was specified.
Even though this had the (desired) effect of preventing geometry
animations, it could cause feedback loops between hover reports and
dialog ROMs because the 'hover_changed' condition in 'Menu_view::Main'
would always stay true while a versioned widget is hovered.
To prevent exessive allocations the bounce buffers are allocated
once and afterwards re-used. The DMA buffers are provided by an
range allocator whose backing store increases in 4 MiB chunks.
The range allocator might not merge the ranges as those chunks
are not necessarily allocated continously. Allocations larger
than the static chunk size are therefor treated as error.
Internally libyuv uses malloc & free for short time dynamic memory
allocation during image transformation. The converted images are
such large, that the Libc allocator will create and destroy new Genode
dataspace per image. In time sensitive code paths, the overhead can be
noticeable by the caller of the image transformation.
The patch adds the option to register callbacks in the libyuv library to
implement the image allocation by users of the library. They may implement
caching strategies to avoid the overhead, e.g. as seen with qemu-usb and
the webcam model.
and not before. On Windows guest with more than 1 vCPU, the packets
seem to arrive and/or seem to be handled too late in the Webcam model.
An intermediate state, to due the late packet, has been used to decide to
close the Capture session too early.
In SDL2, support has been added for multiple windows.
As such, prior to this commit, invoking _sdl_screen.construct
would create a new window each time the original window was
resized.
To avoid this, refactor to only construct the window once, and
upon resize events, reconstruct the SDL_Surface and SDL_Texture
of Sdl_screen to the new window dimensions.
Issue identified by @chelmuth in https://github.com/genodelabs/genode/pull/4993#issuecomment-1729530634Fixes#4993
Following the official migration guide of SDL [1], the
fb_sdl framebuffer driver was update from SDL1 to SDL2.
The sdl2 port in world/src/lib/sdl2 is used.
Since SDL1 is in maintenance mode [2], support for other
display servers than X11 will never be implemented. In
particular, support for Wayland is missing from SDL1.
Fortunately, a port of sdl2 is maintained in genode-world.
As SDL2 is actively developed, it will provide support for
modern hardware architectures, and has mature support for
Wayland [3].
[1]: https://wiki.libsdl.org/SDL2/MigrationGuide
[2]: https://wiki.debian.org/Wayland#SDL1_.28unsupported.29
[3]: https://wiki.debian.org/Wayland#SDL2_.28supported_since_2.0.2.2B-.29
Issue #4993
The new API emphasizes control over the vCPU data by granting access
through the Vcpu::with_state() method, which makes sure that the vCPU is
stopped, invokes the supplied function with a reference to the VM state
and resumes the vCPU if the function returns true.
The old Vcpu::run(), Vcpu::pause() and Vcpu::state() methods are removed
in favor of the new API. Execution of the vCPU is now interrupted by
sending a native Genode Signal to its Vcpu_handler, which will run the
VMM's exit handling method. When this method retrieves the vCPU state by
calling Vcpu::with_state(), the outside interruption is detected and on
x86 a recall exit is injected into the state to signal the vCPU
interruption / pause request to the VMM's vCPU handler.
Ref #4968
instead via the hardware registers of the FPU. On Genode all components and
so VMMs are built such, that the compiler may generate optimized code by
using the FPU at any time. We had to make sure to save the
FPU state as early as possible before the VMM component touches the FPU,
to avoid corrupting & losing guest FPU state. This caused headache again
and again. To avoid the uncertainty, we remove this feature and explicitly
transfer the FPU state via the UTCB.
Depending on the client and use-case the current minimal timeout
value of 5 ms could be too high, lowering it to 1 ms stays within
the limit imposed by most timer drivers.
Issue #4990.
When the wait value is too small the HALT attempt turnes into
busy-polling in the VMM. To prevent that always wait a minimal
amount of time.
Issue #4990.
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.
Fixes#4987
Remove 'usb_hid', 'usb_net', 'usb_modem' from dde_linux port. These
versions have been updated to Linux 6.1.20 which uses the 'linux.port'
file.
issue #4958
The driver is superseded by the USB network driver (usb_net) which also
contains MBIM support for LTE modems previously provided by this
driver.
issue #4958
The drivers uses the 'virt_linux' api and the current lx_kit
implementation. It is a drop-in replacement for the Linux 4.16.3 based
version.
issue #4958
NCM tries to batch TX packets using timeouts (500us) and does not send packets
before 3 packets are in the submit queue. Timeouts take milliseconds on
dde_linux which leads to delayed ACKs and poor performance for the RX case.
Therefore, we send small packets (<100 Bytes) immediately without batching (it
might be an ACK or last packet of a larger transfer).
issue #4958
