Commit Graph

1216 Commits

Author SHA1 Message Date
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Christian Helmuth
8b073f46df depot: update recipe hashes 2017-08-18 10:25:28 +02:00
Alexander Boettcher
4020766105 sel4: adapt timeouts of run scripts
Issue #2451
2017-08-18 10:24:47 +02:00
Alexander Boettcher
69e71147ef platform_drv: replace nova specific device_pd
by using generic Pd_session::map instead for eager memory mappings of DMA
memory.

Issue #2209
2017-08-18 10:24:47 +02:00
Emery Hemingway
5f35175644 app/sequence: execute components in sequence
Fix #2476
2017-08-18 10:24:46 +02:00
Emery Hemingway
ad6c94bb09 input_filter character mapping rules for the Workman layout
http://workmanlayout.org/

Fix #2473
2017-08-17 11:04:23 +02:00
Emery Hemingway
2deddf1e6d Check for symlink target length errors
Check for symlink length errors at the VFS library and the ram_fs and
vfs servers.

Fix #2462
2017-08-17 11:04:21 +02:00
Emery Hemingway
cfdac3f4c3 ram_fs: check symlink writes for termination bytes
Ref #2461
2017-08-17 11:04:21 +02:00
Alexander Boettcher
da5441292a sel4: add Wandboard Quad (iMX6) support
Issue #2451
2017-08-17 11:04:21 +02:00
Alexander Boettcher
782b457476 wand_quad: re-enable i.MX6 EPIT user level timer
Issue #2451
2017-08-17 11:04:21 +02:00
Alexander Boettcher
66c0c7b6f1 sel4: add x86_64 support
Issue #2451
2017-08-17 11:04:20 +02:00
Norman Feske
e31806d4e6 dde_rump: fix rump_iso test
The run script did not consider the routing for the environment ROM
sessions for the test-iso component. It routed all ROM sessions -
including the ones for the executable and the dynamic linker - to
fs_rom. The patch also adds the cap quota definitions required since
version 17.05 and fixes a whitespace inconsistency between the test
program and the run script.

Thanks to Steven Harp for reporting!
2017-08-17 11:04:20 +02:00
Christian Helmuth
e5f0dae598 terminal_log: carriage-return on newline
This is expected by hardware terminals, ie., terminal programs connected
to null-modem serial connections. Otherwise, the next line starts at the
column right after the last line.
2017-08-17 11:04:20 +02:00
Emery Hemingway
e2c1ea04ea depot: recipes for src/ram_blk, src/vfs
Ref #2446
2017-08-17 11:04:19 +02:00
Alexander Boettcher
95329c82e2 sel4: update to 5.2.0
Issue #2451
2017-08-17 11:04:19 +02:00
Christian Helmuth
145011b420 sd_card_drv: prevent deprecated warnings 2017-08-17 11:04:18 +02:00
Norman Feske
18cea099f0 depot: recipes for ahci, fs_rom, ram_fs, usb_block 2017-08-17 10:59:44 +02:00
Alexander Boettcher
24875c0ea8 platform_drv: add report about available pci devices
Issue #1359
2017-08-17 10:59:44 +02:00
Norman Feske
7d12d7a78f fs_report.run: replace test with dedicated program
The new version of the test exercises the combination of fs_report with
ram_fs and fs_rom as a more flexible alternative to report_rom.

It covers two corner cases that remained unaddressed by fs_rom and
ram_fs so far: First, the late installation of a ROM-update signal
handler at fs_rom right before the content of the file is modified.
Second, the case where the requested file is not present on the file
system at the creation time of the ROM session. Here, the ram_fs missed
to inform listeners for the compound directory about the later created
file.
2017-08-17 10:59:43 +02:00
Norman Feske
d649451c3d fs_rom: trigger deferred ROM-update signal
This patch ensures that fs_rom delivers a ROM-update notification in the
case where the underlying file was changed in-between requesting the
initial ROM content and registering the signal handler.
2017-08-17 10:59:43 +02:00
Norman Feske
bfcdab6079 fs_rom: make read-packet handling more robust
With the introduction of the CONTENT_CHANGED notifications delivered via
the packet stream, the assumption that no more than one READ packet is
in flight at all times does no longer hold. If the fs server responds
to a CONTENT_CHANGED packet while the fs_rom expects the completion of a
read request, the '_update_dataspace' method would prematurely return,
leaving the dataspace unpopulated. This patch solves the problem by
specifically waiting for the completion of the read request.
2017-08-17 10:59:43 +02:00
Norman Feske
0b580628cf file system: track content via version counter
This makes the delivery of CONTENT_CHANGED responses more robust.
2017-08-17 10:59:43 +02:00
Christian Prochaska
6a43f3c11a file system: use Id_space instead of Node_handle_registry
Fixes #2436
2017-08-17 10:59:43 +02:00
Norman Feske
0d1be4abe2 depot: update recipe hashes 2017-06-29 12:00:04 +02:00
Christian Helmuth
78f1fd29f7 Translate buffer-exceeded exception in Session_requester
Session_requester inherits from Dynamic_rom_session::Content_producer
which specifies the Buffer_capacity_exceeded exception which is thrown
on insufficient buffer space.
2017-06-29 12:00:03 +02:00
Norman Feske
a9da97bc4a init.run: lower timing sensitivity
Instead of relying on init's delayed reporting, we explicitly force init
to produce a new report with the up-to-date child-RAM information.
2017-06-29 12:00:03 +02:00
Norman Feske
ce01fd5321 depot: update drivers_interactive-pbxa9 to 17.05
With this commit, the wm.run script works for the pbxa9 platform when
using the base-hw kernel.
2017-06-29 12:00:02 +02:00
Norman Feske
4b862cb047 depot: fix src/pbxa9_drivers recipe
This is a follow-up commit to "os: move private declarations to driver
target".
2017-06-29 12:00:02 +02:00
Martin Stein
67fc1ec42b timeout test: prioritize timer driver over test
Ref #2400
2017-06-29 12:00:00 +02:00
Martin Stein
8d2ee6d040 timer okl4: remove deprecated const_cast
Ref #2400
2017-06-29 12:00:00 +02:00
Martin Stein
61f59818d3 pit/fiasco timeout: raise time error tolerance
On platforms that use the PIT timer driver, 'elapsed_ms' is pretty
inprecise/unsteady (up to 3 ms deviation) for a reason that is not
clearly determined yet. On Fiasco and Fiasco.OC, that use kernel timing,
it is the same. So, on these platforms, our locally interpolated time
seems to be fine but the reference time is bad. Until this is fixed, we
raise the error tolerance for these platforms in the run script.

Ref #2400
2017-06-29 11:59:59 +02:00
Christian Helmuth
82af06a42a sd_card: enable wand_quad/imx6 again 2017-06-29 11:59:58 +02:00
Christian Helmuth
ad824cea11 sd_card: cleanup driver library structure
Now both, the sd_card_drv and sd_card_bench use LIBS=sd_card_drv.
2017-06-29 11:59:58 +02:00
Emery Hemingway
73eb7a52a0 server/fs_report: do not append '.report to file names
Appending a suffix to report filenames was behavior inherited from
fs_log, it prevents creating files where directories need to be created
later. But unlike logs, only a subset of the hierarchy will report and
those that do append a component-local label, so the risk of collision
is low.

By removing the suffix fs_rom can serve reports back as ROM just as
report_rom does.

Ref #2422
2017-06-29 11:59:56 +02:00
Christian Prochaska
04f82721b1 fs_rom_update.run: add capability quota
Fixes #2453
2017-06-29 11:59:54 +02:00
Martin Stein
9b1c26ab7f timeout lib: dynamic interpolation-factor shift
In the timeout framework, we maintain a translation factor value to
translate between time and timestamps. To raise precision we scale-up
the factor when we calculate it and scale-down the result of its
appliance later again. This up and down scaling is achieved through
left and right shifting. Until now, the shift width was statically
choosen. However, some platforms need a big shift width and others a
smaller one. The one static shift width couldn't cover all platforms
which caused overflows or precision problems.

Now, the shift width is choosen optimally for the actual translation
factor each time it gets re-calculated. This way, we can take care that
the shift always renders the best precision level without the risk for
overflows.

Ref #2400
2017-06-29 11:59:54 +02:00
Martin Stein
99d971f348 timeout test: result buffer as struct
The result-buffer related members of the fast polling test are
the same for each buffered result type. Thus, we can make the
code easier by providing them through a struct.

Ref #2400
2017-06-29 11:59:53 +02:00
Norman Feske
c7b739cc61 bomb.run: define resource preservation for init
This patch increases init's preserved RAM and capability quota to
account for a current limitation of init with respect to the creation of
sessions to parent services:

In contrast to regular routed services, sessions to parent services are
created via 'Env::session'. The implementation of 'Env::session'
automatically upgrades session quotas on demand, which is the desired
behavior for regular 'Connection' objects. However, for sessions
established on the behalf of init's children, we would need to reflect
the error condition to the child instead of resolving it locally within
init (by subsidizing the session with init's quota). This patch leaves
this issue unresolved but fixes the symptom for the bomb test. It is
meant as an interim solution until the handling of parent sessions is
revised.
2017-06-29 11:59:53 +02:00
Norman Feske
5566aa0f94 bomb test: consider preserved PD session quota
This is an adaptation to the commit "core: prevent transfer of static PD
session quota".
2017-06-29 11:59:52 +02:00
Johannes Kliemann
1205607e78 os: add framebuffer based on platform_info of core
Issue #2242
2017-06-29 11:59:51 +02:00
Alexander Boettcher
04b2919a1a acpi_drv: use platform_info for rsdt/xsdt lookup
Issue #2242
2017-06-29 11:59:50 +02:00
Martin Stein
5fec4a2166 timeout test: raise error tolerance on nova + qemu
On QEMU, NOVA uses the pretty unstable TSC emulation as primary time
source. Thus, timeouts do not trigger with the common precision (< 50
ms). Use an error tolerance of 200 ms for this platform constellation.

Ref #2400
2017-06-29 11:59:49 +02:00
Josef Söntgen
8f577e9d25 usb: use if-else in packet_handler
Apparently this construct leads to a compiler errors like

  error: second operand to the conditional operator is of type ‘void’, but
  the third operand is neither a throw-expression nor of type ‘void’
2017-06-19 12:35:57 +02:00
Martin Stein
745fa4fd67 timeout test: improve documentation
Ref #2400
2017-06-19 12:35:56 +02:00
Martin Stein
71fd2b4cde timeout test: consider time shift between sessions
The fast polling test uses one timer session for raw 'elapsed_ms' calls
and another one for potentially interpolated 'curr_time' calls. It then
compares the two results against each other. However, until now, the
test did not consider that the duration of the session construction may
create a remarkable shift between the local times of the two sessions.
This shift is now determined and compensated before doing any
comparison.

Ref #2400
2017-06-19 12:35:56 +02:00
Christian Helmuth
ba9ef7fdee foc: use slab for meta-data in RPC cap factory 2017-06-19 12:35:56 +02:00
Christian Helmuth
c16288bcde timer/foc: use current KIP-clock API
This prevents L4_DEPRECATED warnings.
2017-06-19 12:35:55 +02:00
Martin Stein
1ea745ca2e signal test: do not test multiple handlers
The multiple-handlers test was checking if handlers at one signal were
activated in a fair manner. But on Qemu, the error tolerance of one was
too small in rare cases (2 of 100 runs). However, having multiple
handlers for the same signal context can be considered deprecated
anyway. With the recommended Signal_handler wrapper for signal sessions,
you can't use this feature. Thus, we removed the multiple-handlers test.

Fixes #2450
2017-06-19 12:35:55 +02:00
Christian Prochaska
a1b1525ec1 lx_fs: handle errors on mkdir correctly
Fixes #2444
2017-06-19 12:35:55 +02:00
Emery Hemingway
47c616ab94 server/fs_report: write reports to file-systems
Fix #2422
2017-06-19 12:35:54 +02:00
Emery Hemingway
1eb37fbe22 VFS: move 'sync' from 'File_system' to 'Directory_service'
The the parent 'Directory_service' interface is reachable from
'Vfs_handle', whereas the 'File_system' interface is not.

Fix #2437
Ref #2422
2017-06-12 14:32:07 +02:00
Emery Hemingway
1838fb4773 vfs/ram: check parent directory on file creation
Fix #2443
2017-06-12 12:44:23 +02:00
Alexander Boettcher
0523736ce4 acpi: limit device scope paths
Fixes #2371
2017-06-08 11:32:39 +02:00
Martin Stein
b8e2253e5f timeout: fix bug in interpolation
We incorrectly used 'unsigned long' (which is 32 or 64 bit depending on
the CPU architecture) for a timestamp (which is always 64 bit) in the
timer-connection implementation.

Ref #2435
2017-06-06 13:01:43 +02:00
Martin Stein
23337eb6e7 run/timeout: run also on arm w/o hw and qemu
On platforms were we do not have local time interpolation we can simply
skip the first test stage in the timeout test. This way, we can at least
test the rest.

Fixes #2435
2017-05-31 17:50:28 +02:00
Martin Stein
685f509a43 timer connection: no interpolation on arm w/o hw
On ARM, we do not have a component-local hardware time-source. The ARM
performance counter has no reliable frequency as the ARM idle command
halts the counter. Thus, we do not do local time interpolation on ARM.
Except we're on the HW kernel. In this case we can read out the kernel
time instead.

Ref #2435
2017-05-31 17:50:28 +02:00
Christian Helmuth
892ede515f depot: update recipe hashes 2017-05-31 16:18:01 +02:00
Christian Helmuth
67e33d3948 depot: adjust cap quotas in drivers_interactive_pc (64-bit) 2017-05-31 16:18:01 +02:00
Norman Feske
1e8689bafe depot: adjust cap quotas in drivers_interactive_pc 2017-05-31 13:16:25 +02:00
Norman Feske
7bb8e332a9 depot: adjust base recipe to removed headers
This patch updates the recipes for the base-<kernel> archives to the
recently removed os/config.h and os/timeout.h headers.
2017-05-31 13:16:25 +02:00
Sebastian Sumpf
c3cf7f3c3a riscv: ISA-1.9.1 and GCC-6.3.0 adaptions
Adds 1.9.1 support to base-hw

Note:
* the kernel timer is not working
* dynamic linking is currently not supported
2017-05-31 13:16:24 +02:00
Christian Prochaska
697f179e21 ram_fs: acknowledge packet in error case
Fixes #2434
2017-05-31 13:16:24 +02:00
Christian Helmuth
8bd0efced6 Remove obsolete RAM/CAP services from run scripts
Adapted launchpad and also the rm_fault and resource_request tests.

Issue #2407
2017-05-31 13:16:22 +02:00
Stefan Kalkowski
632ef28463 os: removal of deprecated os/config.h (fix #2431) 2017-05-31 13:16:22 +02:00
Emery Hemingway
16be05e530 Optional session label for Rtc connection constructor
Ref #2410
2017-05-31 13:16:22 +02:00
Christian Helmuth
febfb3bfe6 Fix source file location in RPi GPIO driver
The explicit relative location of the file instructed both target builds
to generate ../main.o which gloriously fails with parallel builds. The
produced range of error messages was astonishing ranging from "file
truncated" to "TLS reference in ../main.o mismatches non-TLS reference
in ../main.o".
2017-05-31 13:16:21 +02:00
Norman Feske
adb26b5216 API documentation refinements 2017-05-31 13:16:21 +02:00
Christian Helmuth
3c785a4ffb init: use service name from session class
Fixes issue with RAM constrains no longer effective.
2017-05-31 13:16:21 +02:00
Christian Helmuth
b37f411c3f ahci: optionally report discovered devices
Issue #2417
2017-05-31 13:16:20 +02:00
Christian Prochaska
16deaa9a72 timed_semaphore: fix deprecated warning
Fixes #2429
2017-05-31 13:16:19 +02:00
Stefan Kalkowski
0fb672b493 run: use default Qemu memory size for x86
Fix #2428
2017-05-31 13:16:19 +02:00
Emery Hemingway
25ec021fee server/vfs: ignore invalid handles at close()
Ref #2410
2017-05-31 13:16:18 +02:00
Christian Helmuth
923b3ec54d part_blk: prevent deprecated warning 2017-05-31 13:16:18 +02:00
Boris Mulder
d094ff995f part_blk: added optional partitions report 2017-05-31 13:16:16 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
3fc2a798b2 init: heuristics for DMA buffer allocations
If a child is allowed to constrain physical memory allocations but left
the 'phys_start' and 'phys_size' session arguments blank, init applies
builtin constraints for allocating DMA buffers.

The only component that makes use of the physical-memory constraint
feature is the platform driver. Since the built-in heuristics are
applied to the platform driver's environment RAM session, all
allocations performed by the platform driver satisfy the DMA
constraints.

To justify building-in these heuristics into init as opposed to
supplying the values as configuration arguments, the values differ
between 32 and 64 bit. The configuration approach would raise the need
to differentiate init configurations for both cases, which are
completely identical otherwise.

Issue #2407
2017-05-31 13:16:13 +02:00
Alexander Boettcher
420b66a1f0 platform_drv: remove usage of ram_connection
This commit removes support for limitation of RAM allocations from the
platform_drv. A subsequent commit adds this feature to init.

Issue #2398
Issue #2407
2017-05-31 13:16:13 +02:00
Norman Feske
71efb59873 terminal: add Cell_array destructor
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
2017-05-31 13:16:12 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Christian Helmuth
307dd5768c Test for part_blk with GPT
Issue #1576
2017-05-31 13:16:11 +02:00
Christian Helmuth
03a1008f2e Use parted in part_blk test
Fixes #1576
2017-05-31 13:16:10 +02:00
Christian Helmuth
fd893a4f9b part_blk: support CHS and LBA extended partitions
Issue #1576
2017-05-31 13:16:10 +02:00
Stefan Kalkowski
9b350e7706 os: move private declarations to driver target
Ref #2403
2017-05-31 13:16:09 +02:00
Emery Hemingway
eaeb77a867 drivers/nic/linux: replace Thread_deprecated
Ref #1987
2017-05-31 13:16:09 +02:00
Stefan Kalkowski
10e2e223cd foc: remove obsolete features (ref #2405)
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
2017-05-31 13:16:08 +02:00
Christian Helmuth
24a0810cbc trace: disable out-of-metadata test step 2017-05-31 13:16:08 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
773e08976d Assign cap quotas in run scripts and recipes
Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
aea5d03691 base: add Child_policy::Route::Diag flag
The 'diag' flag can be defined by a target node of a route in init's
configuration. It is propagated as session argument to the server, which
may evaluate the flag to enable diagnostic output for the corresponding
session.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
f02c8328db init: access Ram_session as const
This is now possible because the new 'used_ram' and 'ram_quota' RPC
functions are declared as const.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
5a468919bb base: new session-creation helper types
This patch augments the existing session/session.h with useful types for
the session creation:

* The new 'Insufficient_ram_quota' and 'Insufficient_cap_quota'
  exceptions are meant to supersede the old 'Quota_exceeded' exception
  of the 'Parent' and 'Root' interfaces.

* The 'Session::Resources' struct subsumes the information about the
  session quota provided by the client.

* The boolean 'Session::Diag' type will allow sessions to operate in a
  diagnostic mode.

* The existing 'Session_label' is not also available under the alias
  'Session::Label'.

* A few helper functions ease the extraction of typed session arguments
  from the session-argument string.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Emery Hemingway
f7d80a9bf9 drivers/ahci: clean exit when no controllers are found
Fix #2402
2017-05-31 13:16:02 +02:00
Christian Helmuth
1828f70037 Fix deprecated warnings in servers
Issue #1987
2017-05-31 13:16:02 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Emery Hemingway
29b3fff5eb app/rom_to_file: catch Node_already_exists and overwrite files
Ref #1934
2017-05-31 13:16:01 +02:00
Stefan Kalkowski
6106e64aac base: remove include/spec/* other than ISA
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.

This work is a step in the direction of reducing 'SPEC' identifiers overall.

Ref #2403
2017-05-31 13:16:01 +02:00
Christian Helmuth
1d99e7ede9 base: classify signals as I/O and application level
Fixes #2363
2017-05-31 13:15:58 +02:00
Alexander Boettcher
3f5c1b3626 top: fix replacement strategy
Issue #2307
2017-05-31 13:15:57 +02:00
Norman Feske
9a6c194432 init: fix constness-related warnings by gcc 6.3
Fixes #2374
2017-05-31 13:15:57 +02:00
Norman Feske
b58fbe5ba5 Depot-archive recipes
Issue #2339
2017-05-31 13:15:56 +02:00
Alexander Boettcher
1220a06c3b platform_drv: avoid gcc 6 warnings 2017-05-31 13:15:55 +02:00
Norman Feske
7729398105 ps2_drv: reset mouse at startup
This patch replaces the set-defaults command by a reset command, which
is needed to use the Lenovo x250 trackpoint. (original patch by
Christian Prochaska)
2017-05-31 13:15:54 +02:00
Christian Helmuth
7680d20686 Re-enable usb_block test 2017-05-31 13:15:54 +02:00
Alexander Boettcher
7005e54de2 nova: fix syscall bindings with GCC 6
Fixes #2377
2017-05-31 13:15:52 +02:00
Norman Feske
8e7aa54493 base: drop session states of vanished clients
For asynchronously provided sessions, the parent has to maintain the
session state as long as the server hasn't explicitly responded to a
close request. For this reason, the lifetime of such session states is
bound to the server, not the client.

When the server responds to a close request, the session state gets
freed. The 'session_response' implementation does not immediately
destroy the session state but delegates the destruction to a client-side
callback, which thereby also notifies the client. However, the code did
not consider the case where the client has completely vanished at
session-response time. In this case, we need to drop the session state
immediately.

Fixes #2391
2017-05-31 13:15:52 +02:00
Christian Helmuth
117a533828 rom_filter: fix compilation with GCC 6
Issue #2372
2017-05-31 13:15:52 +02:00
Christian Prochaska
52411c9017 terminal: add support for 'ESC[m' sequence
Fixes #2392
2017-05-31 13:15:51 +02:00
Martin Stein
64fb2865b0 nic_router: fix compile error "flexible array ..."
Fixes #2384
2017-05-31 13:15:51 +02:00
Christian Prochaska
d23dd0cdb4 init: workaround for GCC 6 compile errors
Issue #2374
2017-05-31 13:15:50 +02:00
Alexander Boettcher
e3e41e5ca0 ahci: avoid deprecated warnings
Issue #1987
2017-05-02 15:29:03 +02:00
Christian Helmuth
f9bb88cd2e Disable scan-code translation in PS/2 on ARM PL050
This enables to run the driver on recent Qemu versions.
2017-05-02 15:29:02 +02:00
Christian Helmuth
67f22a6c90 Fix key count in input test 2017-05-02 15:29:02 +02:00
Norman Feske
60cda87b5c init.run: add missing build of report_rom 2017-05-02 15:29:02 +02:00
Christian Helmuth
e49bb4943e Deprecate policy constructor with implicit config
because it uses the deprecated config library.

Issue #1987
2017-05-02 15:29:02 +02:00
Emery Hemingway
dde11de008 Unify client policy across File_system servers
File_system servers shall deny clients not matching a defined policy.
Servers shall also apply session root offset policy followed by a client
offset.

Fix #2365
2017-05-02 15:28:57 +02:00
Christian Helmuth
f96b5b89f2 Fix more deprecated warnings
Issue #1987
2017-05-02 15:28:55 +02:00
Norman Feske
539d976a9a init: fix routing to child with multiple services
Init's service forwarding functionality did not take the service type
into account when forwarding a session request. If a server provides
multiple services, e.g. fb_sdl that provides both "Input" and
"Framebuffer", the type of the forwarded session request did not always
correspond to the actually requested type.
2017-05-02 15:28:54 +02:00
Emery Hemingway
0d488925ee server/rom_filter: generate top-level attributes
Conditionally inject attributes on the output XML node with
``<attribute name="..." value="..."``

Fix #2348
2017-05-02 15:28:48 +02:00
Christian Helmuth
d18f976b15 nitpicker: strictly type command processing 2017-03-27 12:35:23 +02:00
Christian Helmuth
b35df4578b Check Registered base class provides virtual destructor
The base class of Registered must provide a virtual destructor to enable
safe deletion with just a base class pointer. This requirement can be
lifted by using Registered_no_delete in places where the deletion
property is not needed.

Fixes #2331
2017-03-24 16:20:04 +01:00
Christian Helmuth
cb43e04691 ldso: defer execution of static constructors
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().

In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).

The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.

Fixes #2332
2017-03-24 16:20:04 +01:00
Christian Helmuth
88db3c0df7 Fix some deprecated warnings
Issue #1987
2017-03-24 16:20:03 +01:00
Christian Helmuth
707f66e9a5 ahci: remove disk image after test 2017-03-24 16:20:02 +01:00
Christian Helmuth
19703e6617 Remove deprecated Attached_mmio constructor 2017-03-24 16:20:01 +01:00
Christian Helmuth
d3884c67ad sd_card: remove disk image after test 2017-03-24 16:20:01 +01:00
Christian Helmuth
9fb175e236 fb_bench: adjust RAM quota for large frame buffers 2017-03-24 16:20:00 +01:00
Norman Feske
8d68d3d8ac Adapt resource-request test to changes of init
The test used to rely on init's formerly built-in policy of answering
resource requests with slack memory, if available. Since init no longer
responds to resource requests in an autonomous way, we use a dynamically
configured sub-init instance as runtime for the test. This instance, in
turn, is monitored and controlled such that resource requests are
result in quota upgrades. The monitoring component is implemented in
the same test-resource_request program as the test. Both roles are
distinguished by the "role" config attribute.

This is a follow-up to "init: explicit response to resource requests".
2017-03-24 16:20:00 +01:00
Norman Feske
8ab8e65fb5 input_filter.run: avoid runtime resource request
This is a follow-up to "init: explicit response to resource requests".
2017-03-24 16:20:00 +01:00
Norman Feske
7813c3be8f init.run: tweak timings for Qemu 2017-03-24 16:19:58 +01:00
Norman Feske
892043ed76 init: trigger report update on version change
If the version attribute of init's <config> is changes, trigger the
generation of a new state report that includes the information of the
new version.
2017-03-24 16:19:58 +01:00
Norman Feske
f6c494497b os: remove stale xev_track.h header
This is a follow-up commit to "Remove app/xvfb and lib/xev_track".

Issue #1987
2017-03-24 16:19:57 +01:00
Norman Feske
1fde4d638c init: service forwarding
This patch equips init with the ability to act as a server that forwards
session requests to its children. Session requests can be routed
depending of the requested service type and the session label
originating from init's parent.

The feature is configured by one or multiple <service> nodes hosted in
init's <config> node. The routing policy is selected by via the regular
server-side policy-selection mechanism, for example:

<config>
  ...
  <service name="LOG">
    <policy label="noux">
      <child name="terminal_log" label="important"/>
    </policy>
    <default-policy> <child name="nitlog"/> </default-policy>
  </service>
  ...
</config>

Each policy node must have a <child> sub node, which denotes name of the
server with the 'name' attribute. The optional 'label' attribute defines
the session label presented to the server, analogous to how the
rewriting of session labels works in session routes. If not specified,
the client-provided label is presented to the server as is.

Fixes #2247
2017-03-24 16:19:57 +01:00
Norman Feske
1489791d5e init: explicit response to resource requests
This patch removes the formerly built-in policy of responding to
resource requests with handing out slack quota. Instead, resource
requests have to be answered by an update of the init configuration with
adjusted quota values.

Note that this patch may break run scripts that depend on init's
original policy. Those run scripts may be adjusted by increasing the
quota for the components that use to inflate their RAM usage during
runtime such that the specified quota suffices for the entire lifetime
of the component.
2017-03-24 16:19:57 +01:00
Norman Feske
29c4ed45cc init: use Prio_levels type instead of basic type 2017-03-24 16:19:57 +01:00
Norman Feske
06943f413d init: respond to RAM-quota changes in config
This patch improves init's dynamic reconfigurability with respect to
adjustments of the RAM quota assigned to the children.

If the RAM quota is decreased, init withdraws as much quota from the
child's RAM session as possible. If the child's RAM session does not
have enough available quota, a resource-yield request is issued to
the child. Cooparative children may respond to such a request by
releasing memory.

If the RAM quota is increased, the child's RAM session is upgraded.
If the configuration exceeds init's available RAM, init re-attempts
the upgrade whenever new slack memory becomes available (e.g., by
disappearing other children).
2017-03-24 16:19:57 +01:00
Norman Feske
b3e5357cf1 Adaptation to init refactoring
Since init no longer provides public headers, we have to adjust the
existing users of this headers. The 'init/child_config.h' is used only
by GDB monitor. So the patch moves the header there as an interim fix.
The 'init/child_policy.h' is still used by a few components, so we have
to keep a trimmed-down version of it for now.
2017-03-24 16:19:56 +01:00
Norman Feske
1cf830497a init: refactoring into multiple files
This patch splits the implementation of init into several headers to
make the implementation easier to digest and to maintain.
2017-03-24 16:19:56 +01:00
Norman Feske
9dca1503a8 init: apply changes of <provides> nodes
This patch enables init to apply changes of any server's <provides>
declarations in a differential way. Servers can in principle be extended
by new services without re-starting them. Of course, changes of the
<provides> declarations may affect clients or would-be clients as this
information is taken into account for the session routing.
2017-03-24 16:19:56 +01:00
Norman Feske
8d4fb288d9 init: add version attribute to start nodes
The optional 'version' attribute allows for the forced restart of a
child with an otherwise unmodified start node. The specified value is
also reflected in the state report.
2017-03-24 16:19:56 +01:00
Norman Feske
fcf25c22d1 init: respond to binary-name changes
This patch covers the resolution of the ROM route for child binaries
via the generic label-rewriting mechanics. Now, the <binary> node has
become merely sytactic sugar for a route like the following:

<start name="test"/>
  <route>
    <service name="ROM" unscoped_label="test">
      <parent label="test-binary-name"/> </service>
      ...
  </route>
  ...
</start>

A change of the binary name has an effect on the child's ROM route to
the binary and thereby implicitly triggers a child restart due to the
existing re-validation of the routing.
2017-03-24 16:19:55 +01:00
Norman Feske
39e409f756 os: sanity check in Reporter::Xml_generator
With this check in place, one can safely construct an 'Xml_generator'
even if the report is disabled. This relieves the user of the reporter
from the need to distinguish enabled from disabled reports.
2017-03-24 16:19:55 +01:00
Josef Söntgen
031337f039 trace_fs: remove os/server.h usage
Issue #2310.
2017-03-24 16:19:55 +01:00
Josef Söntgen
3d0bde2147 test/iso: remove env deprecated warning
Issue #2310.
2017-03-24 16:19:54 +01:00
Josef Söntgen
a26b4e6bd4 nic_bridge: remove os/server.h usage
Issue #2310.
2017-03-24 16:19:54 +01:00
Martin Stein
078f28238f os: fix some more deprecated warnings
Ref #1987
2017-03-15 14:04:56 +01:00
Alexander Boettcher
3b977d4cf3 acpi: avoid warning about dangling allocations
like

Warning: XX dangling allocations at allocator destruction time

Fixes #2330
2017-03-15 13:12:48 +01:00
Christian Helmuth
8ca6009c09 fb_bench: disable autopilot run on linux 2017-03-15 12:32:27 +01:00
Norman Feske
ec007c0f27 input_filter.run: stabilize key-repeat test
Under certain timing conditions, the test would end up flushing the
input from the input filter in a nested way, which ultimately resulted
in lost input events of the outer nesting level. This patch eliminates
this corner case and thereby stabilizes the key-repeat test.
2017-03-15 12:32:27 +01:00
Christian Helmuth
b9834bc388 Rename Linux audio driver to linux_audio_drv
Related to #2190
Fixes #2278
2017-03-15 12:32:27 +01:00
Christian Helmuth
43e7cc56a3 Rename Linux NIC driver to linux_nic_drv
Related to #2190
Issue #2278
2017-03-15 12:32:27 +01:00
Josef Söntgen
bf96c7f16e platform/x86: fix quota for local ram session
Transfer quota to the session local RAM session to react to the
Quota_exceeded exception properly.

The platform driver keeps a session local RAM session for each of its
clients that is used to allocate DMA memory. A client needs to transfer
some of its quota to the platform driver, which in return transfers this
quota to the session local RAM session. As it happens allocating memory
from a RAM session involves book keeping and in this case, where the
available quota in the session did not suffice and the request was only
a few KiB, the platform driver handled the exception wrongly and did not
transfer the quota.

This problem did not surface up to now because all drivers allocate DMA
memory in larger chunks and the book keeping overhead was of no
consequence as the initial quota transfer probably covered the overhead.

Fixes #2316.
2017-03-15 12:32:27 +01:00
Martin Stein
35cc020e9c os/server: nic_dump
A tiny bump-in-the-wire tool for dumping NIC packet information.

Ref #2314
2017-03-15 12:32:26 +01:00
Sebastian Sumpf
c1f4dad811 base-pistachio: use PIT in Genode timer
on x86_32

issue #2308
2017-03-15 12:32:26 +01:00
Stefan Kalkowski
4a30c13c2d os: synchronize thread destruction of trace test
* Increase test-thread count to trigger quota exceeding on all platforms
* Synchronize test-thread destruction, otherwise an half-destructed thread
  object can lead to an error message of the thread to be destructed,
  which causes a deadlock, when the destructed thread still holds the log lock
* Limit SMP settings for QEMU to x86 (Ref #2307)
2017-03-15 12:32:25 +01:00
Alexander Boettcher
beb5169ee9 signal test: fix destruction of nested test
The signal_1/2/3 objects (which are threads) are in destruction, but still
signals are send to them. When the signal arrive and the memory for the
signal_1/2/3 object is already invalid we operate on stale memory and all
the locking infrastructure of the Thread don't work anymore.

Be more robust, explicitly wait for the termination of the thread.

Issue #2284
2017-03-15 12:32:25 +01:00
Martin Stein
9834f0cf1e cpu_quota.run: raise test timeout
Previously it worked on Panda only because the timer driver was too
fast.

Ref #2308
2017-03-15 12:32:25 +01:00
Alexander Boettcher
451c08ac01 os: app showing top style CPU utilization via LOG
Fixes #2307
2017-03-15 12:32:25 +01:00
Norman Feske
245cfd8571 input_filter.run: omit char-repeat test on Qemu
Apparently, the character-repeat test is too timing-sensitive to run
reliably on Qemu.
2017-03-15 12:32:24 +01:00
Martin Stein
e744c76bf2 mmio: make base address member private
Ref #2196
2017-03-15 12:32:24 +01:00
Martin Stein
5366c8cf7e ahci: do not copy port MMIO objects
Ref #2196
2017-03-15 12:32:23 +01:00
Martin Stein
b05b5616c8 x86 cpu_quota: lower error tolerance
Previously, on X86, the timer driver used the PIT with a maximum timeout
of 54 ms.  Thus, the driver frequently interrupted the counters with
highest priority to update the timer. This is why we needed a higher
error tolerance as for ARM where the driver, once configured, can sleep
for the whole test timeout. Now, we use the kernel timer and the problem
seems to be exits no longer.

Ref #2304
2017-03-15 12:24:44 +01:00
Martin Stein
574a1bd198 test/cpu_quota: tolerate errors in session quota
Previously we pre-calculated the translation errors for the session
quota to make a discret check in the test. But since the order, in which
init childs get their CPU quota isn't always the same anymore (we should
have never made assumptions about that) the translation errors differ
from trial to trial. However, the errors are below 0.01% of the super
period. We now tolerate them in the run script.

Ref #2304
2017-03-15 12:24:44 +01:00
Christian Helmuth
ca57afd67e terminal_crosslink: prevent deprecated warning 2017-03-15 12:24:43 +01:00
Martin Stein
a558afbed5 rpi sd_card: move to new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
31f4c0640a omap4 sd_card: move to new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
a42e53728d imx sd_card: move to new Mmio::wait_for 2017-03-15 12:24:43 +01:00
Martin Stein
acf762ec9f exynos5 fb_driver: use new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
7d4674b728 rpi platform driver: use new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Stefan Kalkowski
fbdfbc2476 bomb: remove redundant Rpc_entrypoint in Child
Fixes #2302
2017-03-15 12:24:41 +01:00
Martin Stein
dc415669aa signal test: add stressful nested test
Ref #2284
2017-03-15 12:24:40 +01:00
Josef Söntgen
5ad4da4b1b os: force Out_of_metadata exception in TRACE test
We have to create additional threads to trigger the Out_of_metadata
exception on certain platforms.

Fixes #2297.
2017-02-28 13:00:44 +01:00
Josef Söntgen
552bb13f99 rom_logger: remove env deprecated warning
Issue #2280.
2017-02-28 12:59:31 +01:00
Norman Feske
23ad546a88 init: make RAM preservation configurable
This patch improves the accuracy of init's quota-saturation feature
(handing out all slack quota to a child by specifying an overly high RAM
quota for the child) and makes the RAM preserved by init configurable.
The preservation is specified as follows:

! <config>
!   ...
!   <resource name="RAM" preserve="1M"/>
!   ...
! </config>

If not specified, init has a reasonable default of 160K (on 32 bit) and
320K (on 64 bit).
2017-02-28 12:59:30 +01:00
Alexander Boettcher
28b359703d ram_fs: avoid Deref_unconstructed_object exception
if ROM is invalid. With the patch one gets a name of the ROM and the
server continues.
2017-02-28 12:59:30 +01:00
Josef Söntgen
ecd5bef7cb rom_to_file: remove Server library
Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
0c7200a0fe gpio: remove env deprecated warnings
And while there, remove usage of Server library.

Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
4f8804c334 input/imx53: remove env deprecated warnings
Issue #2280.
2017-02-28 12:59:30 +01:00
Norman Feske
29b8d609c9 Adjust file headers to refer to the AGPLv3 2017-02-28 12:59:29 +01:00
Norman Feske
70548959b7 os: fix session routes in rom_to_file.run 2017-02-28 12:59:28 +01:00
Norman Feske
150c286f0e init: dynamic configuration
This patch lets init apply configuration changes to a running scenario
in a differential way. Children are restarted if any of their session
routes change, new children can be added to a running scenario, or
children can deliberately be removed.

Furthermore, the new version of init is able to propagate configuration
changes (modifications of <config> nodes) to its children without
restarting them.
2017-02-28 12:59:26 +01:00
Norman Feske
a9795c93f9 init: use buffered XML for config 2017-02-28 12:59:26 +01:00
Norman Feske
e4fba26a85 init: Genode::String for unique and binary name
This patch removes the use of C-style string functions from init.
2017-02-28 12:59:26 +01:00
Alexander Boettcher
328da2975f vfs: fix races in fs_file_system with pthreads
Change metadata before submitting a packet. If the submitting thread is a
pthread, the metadata may be immediately change by the signal handler running
in the context of the entrypoint thread.
2017-02-28 12:59:23 +01:00
Josef Söntgen
69c48a3626 os: refactor Global_file_system_factory
The global file system factory is now created explicitly and the
global singleton accessor function was removed.

Fixes #2281.
2017-02-28 12:59:23 +01:00
Norman Feske
9cba459958 base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.

In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping

Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.

For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-28 12:59:23 +01:00
Norman Feske
641fb08b5f Automated test for init 2017-02-28 12:59:23 +01:00
Norman Feske
84fddafda7 init: enable init to report its internal state
This patch equips init with the ability to report its internal state in
the form of a "state" report. This feature can be enabled by placing a
'<report>' node in init's configuration.

The report node accepts the following arguments (with their default
values):

'delay_ms="100"': specifies the number of milliseconds to wait before
  producing a new report. This way, many consecutive state changes -
  like they occur during the startup - do not result in an overly
  large number of reports but are merged into one final report.

'buffer="4K"': the maximum size of the report in bytes. The attribute
  accepts the use of K/M/G as units.

'init_ram="no"': if enabled, the report will contain a '<ram>' node
  with the memory stats of init.

'ids="no"': supplement the children in the report with unique IDs, which
  may be used to infer the lifetime of children accross configuration
  updates in the future;

'requested="no"': if enabled, the report will contain information about
  all session requests initiated by the children.

'provided="no"': if enabled, the report will contain information about
  all sessions provided by all servers.

'session_args="no"': level of detail of the session information
  generated via 'requested' or 'provided'.

'child_ram="no"': if enabled, the report will contain a '<ram>' node
  for each child based on the information obtained from the child's RAM
  session.

Issue #2246
2017-02-28 12:59:22 +01:00
Martin Stein
a4d110aa60 nic_router: fix indentation in verbose log
Ref #2193
2017-02-28 12:59:21 +01:00
Norman Feske
e17811fb7a cli_monitor: API transition
Issue #1987
2017-02-28 12:59:20 +01:00
Norman Feske
8cb0dc9c16 init: session-label rewriting
This patch enhances init with the support for rewriting session labels
in the target node of a matching session route. For example, a Noux
instance may have the following session route for the "home" file
system:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs"/>
  </service>
  ...
</route>

At the rump_fs file-system server, the label of the file-system session
will appear as "noux -> home". This information may be evaluated by
rump_fs's server-side policy. However, when renaming the noux instance,
we'd need to update this server-side policy.

With the new mechanism, the client's identity can be hidden from the
server. The label could instead represent the role of the client, or a
name of a physical resource. For example, the Noux route could be
changed to this:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs" label="primary_user"/>
  </service>
  ...
</route>

When the rump_fs receives the session request, it is presented with the
label "primary_user". The fact that the client is "noux" is not taken
into account for the server-side policy selection.

Issue #2248
2017-02-28 12:59:20 +01:00
Sebastian Sumpf
2d199982eb os: add 'wait_and_dispatch_one_signal' test 2017-02-28 12:59:20 +01:00
Norman Feske
b1a9addeb6 os/child_policy_dynamic_rom.h: API transition
Issue #1987
2017-02-28 12:59:19 +01:00
Josef Söntgen
b1dca8e047 os: pass env to connections in uart test
Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
15821e32ec nic: remove usage of deprecated env()
This commit includes changes to the Nic::Session_component interface.
We now pass the entire env to the component instead of only ram, rm and
the ep because we need the env to open connections from within the
Session_component implemenation. So far only the cadence_gem driver
needs this, though.

Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
e6e1d8c144 platform/arm: remove usage of deprecated env()
Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
0b9272bd9c timer: remove usage of deprecated env()
Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
de401f37fb uart/x86: remove usage of deprecated env()
Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
493d3e58cf ps2: remove usage of deprecated env()
Issue #2280.
2017-02-28 12:59:17 +01:00
Josef Söntgen
3c57a8b3c2 usb_session: pass Region_map explicitly
Issue #2280.
2017-02-28 12:59:17 +01:00
Josef Söntgen
69925ee126 ahci: remove usage of deprecated env()
The remaining warnings are false-positives because os/attached_mmio.h
contains both constructor variants.

Issue #2280.
2017-02-28 12:59:17 +01:00
Christian Helmuth
ad185fe1fe vfs: improve read-ready handling in VFS server 2017-02-28 12:59:16 +01:00
Norman Feske
652f92c9c9 init: 'unscoped_label' session-routing attribute
This patch enhances init with the ability to route individual
environment sessions. Prior this patch, environment sessions could be
routed only by an all-encompassing '<service>' node that would match
both child-initiated and environment sessions.

In contrast to the existing 'label', 'label_prefix', and 'label_suffix'
attributes of '<service>' nodes, which are always scoped with ther name
of the corresponding child, the 'unscoped_label' allows the definition
of routing rules for all session requests, including init's requests for
the child's environment sessions. For example, to route the ROM session
requests for a child's dynamic linker, the following route would match:

<route>
  <service name="ROM" unscoped_label="ld.lib.so"> ... </service>
</route>

Issue #2215
2017-02-27 15:37:49 +01:00
Martin Stein
0b5db07948 vfs fs: ignore dead handle IDs on handle_ack
When a directory gets destructed it dissolves the handles of each contained file
but the acknowledgement might be still in-flight. If we finally receive it,
it leads to an Unknown_id exception on the Handles ID Space in 'handle_ack'.
Now we catch it, print a warning, and go on.
2017-02-27 15:37:49 +01:00
Norman Feske
19868de69a launcher: API transition (deprecated warnings)
Issue #1987
2017-02-27 15:37:49 +01:00
Norman Feske
aee90ed453 Adapt components to new Event::CHARACTER type
Issue #2264
2017-02-27 15:37:49 +01:00
Norman Feske
455bd9396e gems/terminal: support 'CHARACTER' events
This patch adds the handling of 'CHARACTER' events as emitted by the
input-filter's character generator (<chargen>). To avoid interpreting
press/release events twice (at the input filter and by the terminal's
built-in scancode tracker), the terminal's scancode tracker can be
explicitly disabled via <config> <keyboard layout="none"/> </config>.
In the future, the terminal's built-in scancode tracker will be
removed.

The use of the terminal with the input filter is illustrated by the
'terminal_echo.run' script.

Issue #2264
2017-02-27 15:37:49 +01:00
Norman Feske
2ce87216bc os: input_filter implementation and test
The input_filter is the successor of the input_merger. In addition to
merging input streams, the component applies several forms of input
transformations such as the application of keyboard layouts.

Issue #2264
2017-02-27 15:37:49 +01:00
Norman Feske
859d23d92b os: introduce Input::Event::CHARACTER type
Character events are created via a dedicated 'Event' constructor that
takes an 'Event:Utf8' object as argument. Internally, the character is
kept in the '_code' member. The 'Utf8' value can by retrieved by the
recipient via the new 'utf8' method.

Issue #2264
2017-02-23 15:03:29 +01:00
Christian Helmuth
61b6dccf13 Queued read/write/read_ready in VFS and servers 2017-02-23 15:03:28 +01:00
Christian Helmuth
b805e001db Add READ_READY support to file-system session
The read-ready packet informs the server that the client wants to be
notified if a handle becomes readable. When becoming readable, the
server acknowledges packet and the client may queue a read requests
accordingly.
2017-02-23 14:54:51 +01:00
Martin Stein
ed370a8f5c Introduce gpio_drv function in run scripts
Do not use automatic alias in the run tool for the name of the
gpio-driver binary.

Ref #2268
2017-02-23 14:54:50 +01:00
Sebastian Sumpf
aa602032dd vfs: dynamic configuration support 2017-02-23 14:54:48 +01:00
Martin Stein
c2e6fd9392 fb_bench: do not test on i.MX53 + Fiasco.OC
The i.MX53 Framebuffer driver doesn't come up on on Fiasco.OC because the Platform
driver isn't allowed to access essential devises like the SRC or the Fuses. This is
most likely due to the kernel not configuring the CSU appropriately.

Ref #2268
2017-02-23 14:54:45 +01:00
Josef Söntgen
1e1ce43170 lan9118: use env in Timer connection
Issue #2275.
2017-02-23 14:54:45 +01:00
Josef Söntgen
e6e85fce74 os: remove Server from nic/component
Issue #2275.
2017-02-23 14:54:44 +01:00
Christian Helmuth
15957a2d3d Adapt nitpicker config to xray_trigger changes 2017-02-23 14:54:43 +01:00
Emery Hemingway
48150a706b update Reporter constructors
The Reporter utility needs a reference to the environment at
construction to establish Report connections.

Ref #1987
Fix #2232
2017-02-07 19:20:29 +01:00
Martin Stein
b26988feeb gpio_drv: get rid of specs foc_rpi and hw_rpi
Ref #2268
2017-02-07 11:12:29 +01:00
Martin Stein
102676b1c1 fb_bench: do not test on zynq
There is currently no FB driver for zynq.

Ref #2268
2017-02-07 11:12:29 +01:00
Christian Helmuth
f9389109bf Support select in libc VFS plugin by read_ready() 2017-02-07 11:12:29 +01:00
Norman Feske
f8349b5bc7 os/slave.h: Remove use of global allocator
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.

Fixes #2269
2017-02-07 11:12:28 +01:00
Christian Helmuth
c0d61858c3 Support for suspendable read in VFS and libC
The support has two parts. First, a VFS plugin now gets passed an
I/O-response handler callback on construction, which informs users of the
VFS that an I/O event occurred. This enables, for example, the libC to
check if blocking read can be completed. Further, the VFS file I/O
interface provides now functions for suspendable reads, i.e.,
queue_read() and complete_read().
2017-02-07 11:12:27 +01:00
Josef Söntgen
e5d6c06f58 Rework trace test and add to autopilot
Issue #2260
2017-02-07 11:12:26 +01:00
Martin Stein
223cc06341 fb_bench: start QEMU with -nographic
Enables us to test on our machines without SDL and X.

Ref #2268
2017-02-07 11:12:26 +01:00
Martin Stein
066a5e9670 fb_bench: mark wand_quad as not supported
We do not have a framebuffer driver on Wandboard yet.

Ref #2268
2017-02-07 11:12:26 +01:00
Martin Stein
ae91ca012e fb_bench: correct "platform not supported" message
Ref #2268
2017-02-07 11:12:25 +01:00
Martin Stein
77e266d1ff fb_bench: add gpio driver when supported
Ref #2268
2017-02-07 11:12:25 +01:00
Emery Hemingway
3e6646fd9a server/vfs: API transition
* Use an attached ROM rather than the global config()
* Use a Ram_session_guard to track session metadata allocation

Ref #1987
2017-02-07 11:12:21 +01:00
Emery Hemingway
ded2f7e2d4 server/vfs: use Id_space to manage open nodes
Replacing the node lookup table with an Id_space removes the
limit on open handles per session and allows mutal associativity
between File_system handles and local VFS handles.

Fix #2221
2017-02-07 11:12:21 +01:00
Christian Helmuth
531e35ec42 Define Microseconds max value in timeout framework 2017-01-31 14:58:37 +01:00
Norman Feske
9fffb004b2 os/timer.h: disambiguate Timer::curr_time 2017-01-31 14:58:36 +01:00
Norman Feske
818795ab90 vfs/block: fix seek-offset handling during write
The block file system wrongly modified the seek offset during a
read-modify-write operation that is required for sub-block-size
requests. This led to problems whenever such write requests spanned
multiple blocks and thereby were handled in multiple iterations.

Fixes #2262
2017-01-31 12:01:19 +01:00
Norman Feske
9adc6f1228 os: compile-time-defined parent-service registry
The new utility at 'os/static_parent_services.h' allows the creation of
a registry of parent services at compile time and thereby eliminates the need
for dynamic memory allocations whenever the set of services is known at
compile time as is the case for most uses of 'Slave::Policy'. The commit
showcases the utility in the bomb test.
2017-01-31 12:01:19 +01:00
Norman Feske
cd3a5852d6 Warn about the use of deprecated headers
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.

Issue #1987
2017-01-31 12:01:18 +01:00
Martin Stein
b4600bfc99 sd_card_bench: exclude foc+imx_53 and odroid_xu
On Odroid XU the SD card driver comes up and finds a card but for card
access it seems that we would need a platform driver like on Arndale.

On imx_53, the first SDHCI MMIO access faults. This is likely due to the
AIPSTZ memory bridge. On HW, we initialize the AIPSTZ in the kernel, but
when I tried doing that in the platform driver instead, the first AIPSTZ
MMIO access faults ^^ So I gave up for now and removed support.

Fixes #2259
2017-01-31 12:01:17 +01:00
Martin Stein
e36368735b input.run: add missing routing rules
Ref #1987
2017-01-31 12:01:17 +01:00
Martin Stein
7184f0febe init: handle Service_denied during child creation
Ref #1987
2017-01-31 12:01:17 +01:00
Martin Stein
ed62199957 test/reconstructible: move to base
The test uses only stuff from the base repo.

Ref #1987
2017-01-31 12:01:15 +01:00
Martin Stein
d1134644cc test/synced_interface: move to base
The test uses only stuff from the base repo.

Ref #1987
2017-01-31 12:01:15 +01:00
Martin Stein
ad2d1fe586 os/test: transition to new base API
For all tests
* use Component::construct instead of main
* use new connection constructors with env argument
* use log instead of printf

For some tests
* replace signal receivers with signal handlers
* replace global static variables with Main class members
* remove unnecessary multithreading
* model test steps as classes that are independent from each other and managed
  by Main as constructibles
* use references instead of pointers and exceptions instead of error codes
* use Attached_* helpers intead of doing attach/detach manually
* use helpers like String, Id_space, Registry instead of arrays and lists
* make the run script suitable for automated execution and conclusion

Ref #1987
2017-01-31 12:01:15 +01:00