To prevent caching side-effects of USB DMA memory taken from the packet stream
all allocations of USB packets need to be on separated cachelines at least.
Fixgenodelabs/genode#4655
To complement the GPIO support allow for setting and reading input
pins. So far this is needed by drivers that attempt to perform I2C
bit-banging via GPIO pins.
Fixes#4624.
In case the allocation fails for the largest possible connector mode,
try smaller modes. Additional add option to specify maximal resolution.
Issue #4659
Increase "assumed" internal kernel memory size based on available memory
to support allocation of framebuffer larger than 16M, which was before
hardcoded.
Issue #4659
When using the newer genode_c_api uplink library, an uplink connection uses
the device name as label, which enables integrators to use different policies
resp. routes for different devices driven by one driver. The nic_drv policy
of the nic_roouter configuration generated by the sculpt_manager however uses
an empty label like: "nic_drv -> ". This is the way how existent NIC drivers,
like ipxe_nic_drv requested their uplink session. To support both driver
variants this commit relaxes the policy by checking for a prefix only.
Ref genodelabs/genode#4660
This patch equips the pin-driver framework with support for the
time-multiplexed operation of a pin as output or input. This is needed
when implementing I2C communication via a bit-banging driver.
To operate pin in both directions, a driver obtains both a pin-state and
a pin-control session for the same pin. The pin-state session can be
used to sense the current pin state. The control session allows the
client to set the pin to high or low (using the 'state' method), or to
set it to high-impedance via the 'yield' method. Once switched to
high-impedance, the pin can be used as input.
Issue genodelabs/genode-allwinner#10
The tar.gz archive of version 2.4.9 vanished from sourceforge. As the
project moves to GitHub currently and the archive of 2.4.9 is still
available there, just update the download location.
Content and hashes did not change.
If a device should not be reset, powered off, and its clocks
shall stay untouched when it gets released, the leave_operational
attribute can be set to true in the device node of the related
device inside the devices ROM delivered to the platform driver.
This is useful for drivers, which only enable and initialize
their device, and can be closed afterwards.
Ref genodelabs/genode#4654
To enable other irqchip declarations beyond the lx_emul generic code base,
make the ARM specific initialization routine public.
Ref genodelabs/genode#4651
With "grub2: update to newer grub2 2.06 version" a regression slipped in
which makes the ISO not bootable on real hardware. The commit reverts to
the previous behaviour, to load the GRUB2 modules after boot later one by
one in the ISO format case.
Fixes#4647
Prevents errors like follows.
/bin/bash: arch/arm64/crypto/poly1305-core.S: No such file or directory
make[4]: *** [.../genode/repos/dde_linux/lib/mk/spec/arm_64/wireguard_lx_inc_dirs.mk:17: arch/arm64/crypto/poly1305-core.S] Error 1
Reintroduce:
USB Attached SCSI devices might expose a bulk-only interface
as fall-back at interface 0 and alternate setting 0. This commit
allows for probing all alternate settings of the active interface
to be able to use such devices.
The configuration was extended so that in case the device interface
is known beforehand the driver can be configured accordingly.
Additionally:
Perform configuration reset upon sessions close in order to bring USB
device to a well defined state.
fixes#4494
The NOVA kernel and Genode's roottask core are configured to be runnable
with up to 64 CPUs (MAX_SUPPORTED_CPUS in core resp. NUM_CPU in kernel).
On machines with more CPUs a reset occurred. The commit checks for this
case, bootstraps the first 64 CPUs only, and sends all other CPUs to
sleep.
Also, the platform_info ROM size is increased to host information about
more than 32 CPUs.
Issue #4640
If `select_from_ports` is evaluated lazily, we might miss a port during
the dependency check. A way to prevent this is to use the `:=` operator.
Fixesgenodelabs/genode#4618
Implement the guest code in dedicated assembler source file, assemble
and link the binary to vmm_x86. The resulting guest-code binary
populates one page that is mapped to host the reset vector of the guest.
This approach simplifies future guest code adaption resp. extension,
e.g., to test rdmsr/wrmsr exiting.
Fixes#4638
plain_decorator_theme.tar is not linked to the app but must be generated
as side effect. Therefore, use CUSTOM_TARGET_DEPS to trigger the
generation.
Fixes#4637
This reverts commit 9a37ccfe29 except for the
new declarations in public headers (in order to not change any APIs again).
We revert the commit as we found that there are corner cases in which it
produces a bad UDP checksum. The bad UDP checksum was observed via Wireshark at
a TFTP server in a Sculpt 22.10 Debian 11 VM on the first request of fetching a
file with the TFTP client of the uboot on our iMX8 test board.
Ref #4636
According to OpenBSD's azalia driver some AMD HDAudio devices do not
play nice with MSIs although the capability is set. At least the
0x1457 device was tested and worked using GSIs only.
genodelabs/genode#4578
During initialization _handle_link_state may be called concurrently from EMT and
"nic_ep" (signal handler). Therefore, sent signal to "nic_ep" instead of calling
_handle_link_state from EMT thread.
issue #4632
Some DHCP clients (Debian VM in Sculpt) persistently store the last lease they
obtained and try to directly DHCP REQUEST it on a new startup whithout doing
DHCP DISCOVER beforehand. In case the NIC router doesn't know about the lease
anymore (timeout, new router instance), the router used to just ignore the DHCP
REQUEST. This led to significant delays in the network startup of the client
(delayed retries until give-up and DHCP DISCOVER). With this commit, the router
answers such packets with a DHCP NAK instead, causing the client to directly
switch to DHCP DISCOVER.
Fixes#4634
This patch removes the intermediate querying of the depot while the
installation of packages is in progress. This avoids misleading warning
messages and reduces superfluous file-system load during the
installation of large packages.
Issue #4631
On-demand initialization prevents read-write operations on BARs of
invalid devices at construction time, which may result in surprising
behavior later on, for example, when resetting X260 notebooks via ACPI
information.
These utilities simplify the control of clocks, resets, and power
domains from within the platform driver.
This is needed when driving a low-level device directly from the
platform driver, for example for driving the mbox mechanism to access
the system-control processor of the PinePhone.
This patch reflects both the pci_decode results and the platform
driver's aggregated device information in Sculpt's /report/drivers/ in
the form of pci_devices and devices files respectively.
The configured 'st_blksize' influences the sizing of the FILE buffer,
see '__swhatbuf()'. Increasing the blksize hint can lead to larger
'fread()' requests and in return to fewer roundtrips.
This commit updates the driver from version 6.6 to 7.1. In contrast
to the old driver the new one will now probe all available HDA devices
and will drive the first usable one, e.g.:
```
[init -> audio_drv] azalia0 [8086:160c]
[init -> audio_drv] :
[init -> audio_drv] azalia0: no supported codecs
[init -> audio_drv] azalia1 [8086:9ca0]
[init -> audio_drv] :
[init -> audio_drv] azalia1: codecs: Realtek ALC292
[init -> audio_drv] audio0 at azalia1
```
Fixes#4629.
Implemented as depicted in the OpenBSD driver, register description
found in 'AMD SB700/710/750 Register Reference Guide'
(43009_sb7xx_rrg_pub_1.00.pdf).
Issue #4629.
Instead of using a global value to enumerate the MSIs, use a function argument
instead. Whenever the process of PCI device reporting gets started again,
due to an initially too small report buffer, the MSI enumeration value is reset
again. Formerly, we wasted MSI numbers.
Ref genodelabs/genode#4628
Don't skip IRQ reporting if legacy IRQ/GSIs are not supported as the
device may support MSI/MSI-X exclusively.
The commit also enables reserved_memory reporting of devices without
IRQs.
Ref genodelabs/genode#4578
Until now, the /config/system ROM was not handled by the sculpt manager
but solely managed by the user. Its main purpose was the ability to
reset or power-down the machine by manually modifying the 'state'
attribute. However, down the road, we'd like to enable the sculpt
manager to drive this state, e.g., to implement the multi-staged
loading of drivers, or to drive suspend-resume states.
The support such scenarios, the 'system' state has been moved from
/config/system to /config/managed/system.
* Add EHCI PCI quirk
* Add UHCI reset to UHCI quirk
* Apply all PCI quirks in order of the PCI bus numbering
otherwise the machine might stall
Ref genodelabs/genode#4578
Instead of allowing the client to set a caching attribute
in the io_mem() call of the device interface, which was
only used to decide in between of the memory being
write-combined or not, remove it from the API.
Instead use the information delivered by the devices ROM,
whether memory from a PCI BAR is prefetchable or not,
to decide whether it is mapped write-combined or not.
Ref genodelabs/genode#4578
Memory descriptors in PCI BARs have a prefetchable bit, which can
be used to optimize memory access when setting, e.g. write-combined
in page-table entries.
Ref genodelabs/genode#4578
The DHCP client used to always send packets with a size of 1024 regardless of
the size of the actual content, which was always significantly lower. 1024
bytes was simply a guess to provide enough space for all types of DHCP client
packets. As we know the exact size of each packet the DHCP client sends even
before packet creation, this commit makes use of the knowledge resulting in
much smaller packets sent by the DHCP client.
Fixes#4619
On some Cortex A9 platforms (Qemu 4.2.1 PBXA9), the IRQ status register is not
reliable. Sometimes, it indicates an IRQ too early, i.e., shortly before the
counter wraps. Therefore we have to accomplish wrap detection via counter
comparison only. We check whether the current counter value is higher than the
start counter value of the current timeout.
However, this implies that we have to take care to always read out the counter
before it hits the max timout value again. And, therefore, the max timeout
value has to be far away from the first value the counter has after wrapping.
Consequently, we propagate a max timeout value of half the max counter value.
Fixes#4209
* Remove wrapper for legacy x86 platform API
* Move PCI configuration space quirks to corresponding driver
(pc_usb_host_drv, pc_wifi_drv, pc_intel_fb_drv)
* Adapt driver test run-scripts to changed configuration
Ref genodelabs/genode#4578
Consumes the information about reserved memory region reports from
the devices ROM, and adds appropriated mappings to the corresponding
device PD.
Ref genodelabs/genode#4578
We need the information about reserved memory region reports
from the ACPI tables within the platform driver to pre-fill
IOMMU tables with the corresponding mappings. Therefore,
the pci_decode component now parses the information from the
ACPI ROM, and adds "reserved_memory" nodes to all related
devices in the devices report.
Ref genodelabs/genode#4578
In case of the GPU multiplexer, we need to delegate MMIO memory
to the framebuffer client in form of a managed dataspace. To be
able to attach a given Platform::Device::Mmio object to a region map
we need to access its capability.
Ref genodelabs/genode#4578
* Modernize routines, eliminate pointers, use constructibles, etc.
* Use absolute time instead of relative time consumption when
updating the scheduler
Ref genodelabs/genode#4151
This commit fixes two issues with the timeout lib and the base-hw src recipe:
* Add source files of timeout lib to recipe content.
The files weren't copied to the depot until now. However, the archive
nonetheless built successfully because of the second issue that is described
below.
* Get rid of the usage of the BASE_DIR variable in the timeout lib.
The BASE_DIR variable always resolves to the repos/base directory even when
building in a depot. That said, the use of BASE_DIR in make-files that are
not part of the build system itself must be avoided. Instead, REP_DIR,
REP_INC_DIR, and $(call select_from_repositories, ...) should be used.
Ref #4209
This commit gets rid of the router-local wrapper of Genode's AVL string tree
and replaces it with Genode's new Dictionary structure. The Dictionary is now
used for managing domains and NIC clients. Due to this change, the formerly
necessary helper classes Domain_base and Nic_client_base could be removed as
well.
Ref #4610
When creating an Irq connection to a component (not core), e.g. a pin
driver, we typically need a to provide a session label in order to apply
a session policy and to distinguish multiple sessions from the same
component.
genodelabs/genode#4606
This is a follow-up commit for "menu_view: configurable alpha channel
and bg color", which simplifies the code. The '_no_alpha' surface is not
needed because the 'Gui_buffer' provides a 0x0 alpha surface when using
the opaque mode.
The default file-system communication-buffer size of 128 KiB combined
with the clamping of requests to 1/4th the buffer size results in the
fragementation of read operations into 32 KiB chunks. This is overly
conservative and causes high context-switch overhead down the storage
stack (vfs server -> part_block -> block driver).
Related to #4613
With the increase of MAXPHYS, the rump kernel requests a contiguous
allocation of 2101248 bytes, which exceeds the allocator's block size of
2 MiB.
Error: backend allocator: Unable to allocate memory (size: 2101248 align: 12)
The patch avoids this corner case by increasing the allocator's block
size to 4 MiB.
Fixes#4613
The NIC router README claims that the 'dns_config_from' attribute in a DHCP
server configuration binds the propagated link state of all interfaces at the
domain of the server to the validity of the IP config of the domain that is
given through 'dns_config_from'.
However, this was not true. The router missed to implement this detail which
led to clients of such a DHCP server sending DHCP DISCOVER packets too early.
These early DHCP DISCOVER packets were dropped by the router potentially
causing a big delay until the client started a new attempt. Unnecessary long
network boot-up delays were observed with at least the lwip run script and
Sculpt on the PinePhone and could be tracked down to this former
inconsistency in the router.
This commit fixes the inconsistency.
Fixes#4612
This patch changes the access of pkg-archives files such that the file
read only once per pkg, not for each ROM module used by the package.
Issue #4611
By caching directory listings, the performance of depot_query is no
longer impeded by a massive amount of stat calls while searching for ROM
module locations.
Issue #4611
Upon closer inspection of real-world access patterns, it turns out that
the 'Stat_cache' and 'Cached_rom_query' are not as effective as hoped
for because cache hits are rare while querying pkg blueprints.
However, by increasing the initial size of the blueprint reporter from 4
KiB (default) to 64 KiB has a great effect. With the small default
report size, the querying of blueprints is repeated until the buffer
size suffices, incrementing the buffer size by 4 KiB in each iteration.
Issue #4611
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
This patch avoids repetitive depot queries at the start of the Sculpt
system.
We don't need to trigger a query unconditionally whenever the
managed/deploy changes because the call of 'handle_deploy' triggers a
query when needed.
We don't need to trigger a query once the prepare step is completed
because the depot_query component is spawned at this point. The initial
blueprint produced by the depot_query component, in turn, triggers the
'handle_deploy' mechanics in the sculpt manager.
The constructor of the Sculpt manager's 'Main' does not need to call
'depot_deploy' because the prepare step - which is a precondition for
the deployment - cannot be completed at this point anyway.
Do not advance ring buffer positions when playing silence, additionally
to not send progress signals when playing silence. Silence implies
underrun in the client side - not progress.
issue #4609
In case a driver is waiting for data, is should only investigate 'pos'.
It should not advance the ring in any way until there is data available.
issue #4609
This patch consolidates the repetitive error handling across the RPC
functions, which take node handles or directory handles as arguments.
During this change, I noticed that directory handles - which are values
provided by the client - were not checked for their type before being
used. A misbehaving client may open a file, manually construct a
directory handle using the number of the file handle, and invoke a
directory operation at lx_fs, which would then wrongly access a file
node as directory node.
This patch solves this issue by introducing two distinct methods
_with_open_node and _with_open_dir_node, which perform the respective
safety checks.
Fixes#4608
Creating and destructing an interface was not considered a change of its real
link state as defined in the description of the <report link_state_triggers="">
config attribute in the router's README. In case of Uplink sessions this is
obviously a problem as they communicate their real link state through session
lifetime. But also in case of NIC sessions it's a possible to create an
interface that is immediately "up" after creation or destruct an interface
without its link state going "down" beforehand.
Taking into account also the practical application of the
<report link_state_triggers=""> attribute, reporting only on destruction and
construction of interfaces that are "up" seems shorthanded. This is because a
report-receiver most likely needs to be able to synchronize the lifetime of
the objects that keep track of the link states with the lifetime of the
corresponding sessions.
That said, with this commit, the router triggers a report update on each
session construction/destruction when <report link_state_triggers=""> is
set.
Fixes#4462
The NIC router used to generate reports triggered by IP config changes or link
state changes synchonously, i.e., inline with the activation context that
caused the change. This has two disadvantages. First, it can lead to an
excessive number of report updates in situations with quick bursts of
triggering changes. In such situations it is preferable to collect the changes
and reflect them with only one final report update.
Second, synchronous reporting may happen while the router is in a state that
leads to an incorrect report (e.g. during reconfiguration). To prevent this
from happening, the router so far explicitely switched off reporting when
entering incoherent states and back on when leaving them. However, this
solution is error-prone as the exclusion windows must be maintained manually.
Both issues can be solved by not directly generating a report when necessary
but instead submitting a signal and letting the signal handler do the work in
a dedicated activation context.
Ref #4462
This patch splits the querying of the number of directory entries from
the directory's 'status' information. Subsuming the number of directory
entries as part of the status makes 'stat' calls too costly for some
file systems that need to read a directory for determining the number of
entries. So when stat'ing the entries of one directory that contains sub
directories, all entries of each sub directory are visited.
Thanks to Cedric Degea for pointing out this performance bottleneck!
With this change, the 'status' function returns a 'Status::size' value
of 0 when called for a directory handle.
Fixes#4603
This patch splits the former DEPOT=omit option into two variants.
The new 'list' option behaves like the former 'omit' option, skipping
the creation of the tar archive from the depot content referenced by the
deploy configuration but showing a list of depot archives that need to
be published for the deployment.
When specifying 'omit' in th new version, the local depot is not queried
for the packages referenced in the deploy configuration. So the
deployment can refer to packaged hosted only remotely.
Fixes#4605
Tracing must be inhibited in attach/detach as RPC trace points may
trigger attachment of trace dataspaces, which would result in nested
mutex acquisition.
This prevents errors in test-trace_logger like follows.
[init -> depot_autopilot] 0.140 [init -> dynamic_rom] Error: deadlock ahead, mutex=0x500e6f00, return ip=0x50053ed7
Fixes#4607
The DHCP client of the NIC router used to end up in an uncaught exception if
an IP address in the DNS server option of a DHCP ACK was invalid. This commit
makes the 'Dns_server' constructor (where the exception originated from)
private and instead introduces a public lambda method 'construct' that calls
one lambda argument on success and another on failure. This is also in line
with the most recent changes to the 'find_by_*' methods of other classes in
the NIC router and contributes to the goal of reducing expensive exception
handling.
Fixes#4465
The Interface class of the router is an abstraction for NIC client sessions,
NIC server sessions, and Uplink sessions. Nonetheless, Interface generally used
to use the packet stream types of the Nic namespace and it worked because the
Uplink packet stream types are factually the same (the are typedef'd from the
same base type templates with the same parameters).
The initial intention of this issue was to remove dependency on the diverse
packet stream stream types from Interface. However, this turned out to be more
tricky than thought. The Interface class calls function templates on the packet
stream types, making a generic virtual interface impossible. And moving the
calling code to the session classes as well would produce a lot of redundancy.
Therefore, this commit removes only the use of the Nic namespace in the
interface.* files by typedef'ing the packet stream types from the generic
Genode type templates with the same parameters as in Nic and Uplink.
Fixes#4385
The libc kernel used to silently go on if one of the files given through
stdin/stdout/stderr or <fd path=""> was missing (with possibly vital
functionality for the component not working). A pointer to the presumably
simple configuration issue of the underlying scenario was not given to the
user.
With this commit, the libc kernel prints a descriptive warning before
proceeding with the invalid file descriptor
Fixes#4218
The libc kernel used to end up in an uncaught exception if one of the
directories in the paths given through stdin/stdout/stderr or <fd path=""> was
missing. The resulting error didn't point the user to the presumably simple
configuration issue of his scenario in any way and killed the affected
component.
With this commit, the libc kernel prints a descriptive warning instead and
simply continues to run the component with the corresponding file descriptor
missing. At least in case of stdin/stdout/stderr, the libc deals gracefully
with this approach.
Ref #4218
If provided with a config that does not include a `<static>` or
`<common_routes>` node, depot_deploy exits due to a `Nonexistent_sub_node`
exception. Instead, we should output a more useful warning.
Fixesgenodelabs/genode#4600
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
This patch refines the rules for generating a base-hw src archive
for a given board by enumerating the content of the lib/mk/spec/*
directories instead of including entire directories. This avoids
the inclusion of lib.mk files found in SoC-specific repositories
(like genode-allwinner) in the kernel source archives.
When building a binary archive from such a src archive with the changes
of issue #4599, the build system would otherwise try (and fail) to build
the libraries for the accidentally included lib.mk files.
The 'file' library makes the gems API depend on the libc, which is not
desireable because most users of the gems API have no direct libc
dependency.
With the changes of issue #4599, the build of each src archive that
depends on the gems API would attempt to build the 'file' library and
thereby demand the libc.
Note that the 'file' library is a relic that should better not be
promoted as part of the gems API. Hence, this patch removes the file
library from the gems API and adds it to the src archives of the few
remaining users.
Issue #4599
The 'base-linux' API is used by hybrid Genode/Linux programs for the
lx_hybrid library. This API archive happend to contain other libraries -
like seccomp - that are solely needed for building core. With the change
of the build system in issue #4599, the build system would attempt to
build all libraries instead of merely the library dependencies of the
available targets. Hence, it would trigger the build of, e.g., the
seccomp library for each user of the base-linux API.
This patch avoids these superfluous build steps by pruning the content
of lib/mk/ to the libraries actually needed for lx_hybrid users.
Issue #4599
The ld.lib.so stub library generated by base/lib/mk/ld.mk has no
purpose at runtime. On the contrary, it must not be integrated into the
boot image because its name collides with the kernel-specific dynamic
linker.
The build system automatically announces the names of shared libraries
as build artifacts. However, in rare cases, it is required to manually
define them. In particular, the 'ld' stub library plays no role at runtime
and should not be integrated into the boot image.
This patch adds a customization hook following the same pattern as used
for target.mk files, namely the BUILD_ARTIFACTS variable. If defined,
its value is taken as the list of boot artifacts generated by the
library-description file.
Issue #4368
This patch adds special handling for lib/<libname> arguments to the
build system, which supersedes the former LIB=<libname> mechanism.
Whereas the old mechanism was limited to a single library, the new
convention allows multiple library arguments, similar to regular
targets. The change brings the two immediate benefits.
First, the streamlining of library and target arguments allows for the
building of libraries via the 'build' command of the run tool.
Second, it alleviates the need for pseudo target.mk files for building
shared libraries that have no direct dependencies, in particular VFS
plugins.
Since this change eases the explicit creation of shared libraries
from run scripts, we may reconsider the automatic implicit building
of shared libraries driven by targets. E.g., while developing a Qt
application, a run script could import the Qt libraries from the
depot and combine those with the developed (fresh built) target without
triggering the build of the Qt libraries in the build directory.
When issueing 'make' without arguments, all targets are built. This
patch applies this behavior to libraries as well, thereby removing the
need for the base/src/lib/target.mk pseudo target as used by the CI
tools to build all libraries.
Note that target.mk files located under src/lib/ are no longer
reachable. Therefore, all run scripts that used to trigger the
build of a shared library via a pseudo target must be adapted.
E.g., 'build lib/vfs/tap' must be replaced by 'build lib/vfs_tap'.
With this patch, the LIB=<libname> option is no longer supported.
Fixes#4599
changes. The alternative settings get reread on all interfaces as done before
"qemu-usb: fix device endpoint update" commit by introducing specific
reset_alt_settings function. The fallthrough case was intentionally before
the "qemu-usb: fix device endpoint update" case, which now is wrong.
Issue #4596
This style is used by the upcoming phone version of Sculpt for GUI
elements that are supposed to stand out a little bit more than the
regular frame style.
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.
The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.
The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.
Fixes#4592
This change increases the quota to allow the use of bigger fonts, and
tweaks the style such that the keyboard gets a decent appearance on the
PinePhone's 1440x720 display.
This patch adds principle support for using a USB-net modem as
mobile-data uplink. The change is motivated by the upcoming phone
manager for the PinePhone where the modem serves as the primary network
uplink. For the regular PC version of Sculpt, the feature is not needed
(hence remains disabled) because USB net can be deployed from a package
as described in:
https://genodians.org/jschlatow/2021-07-21-mobile-network
The patch also renames the "Local" network option to "Disconnected" to
be more intuitive.
By decoupling the network dialog's menu view from the 'Network' class,
we become able to host the network dialog in the same menu view instance
as other dialogs.
This patch allows the sculpt manager hosted in the leitzentrale
subsystem to observe the toggling between the runtime and the
administrative GUI. This enables alternatives to the use of the
gui_fader for switching between both views. In particular, the
upcoming phone_manager toggles the visibility of its own GUI
depending on the leitzentrale state.
In a Sculpt system based on the upcoming phone_manager, the event filter
obtains its static configuration from /config/managed/event_filter.
Without the requirement for changes at runtime, there is no need to
have the phone_manager in the loop after all.
Without this patch however, this file was always initialized with the
template gems/sculpt/event_filter/default, which was presumably used
only at boot time until the sculpt manager has produced the first
generated event-filter configuration.
This patch applies the choice of optional configs - i.e., a custom
event_filter config - to both the config/ and the initial content of
config/managed/. So in cases where the /config/managed/event_filter
remains entirely static, the latter properly reflects the choosen
variant.
By using the new functions provided by the base API, this patch removes
the dependency of several components from include/decorator/xml_utils.h.
Issue #4584
The NIC router used to send an ICMP "Destination Unreachable" packet as
response to every unroutable IPv4 packet. However, RFC 1812 section 4.3.2.7
defines certain properties that must be fullfilled by an incoming packet in
order to be answered with this type of ICMP. One requirement is that the packet
is no IPv4 multicast.
This commit prevents sending the mentioned ICMP response for unroutable IPv4
multicasts and instead drops them silently.
Fixes#4563
This patch allows the leitzentrale subsystem to control an audio driver
hosted in the drivers subsystem. An example use case is the toggling of
the speaker during phone calls.
Instead of having a generic "virt_qemu" board use "virt_qemu_<arch>" in
order to have a clean distinction between boards. Current supported
boards are "virt_qemu_arm_v7a", "virt_qemu_arm_v8a", and
"virt_qemu_riscv".
issue #4034
Define custom analyses that can be imported into TraceCompass (>= 7.3)
for evaluating the traced component interactions and checkpoints.
genodelabs/genode#4352
The NIC router used to add the DNS servers field to DHCP replies regardless of
whether there were DNS servers or not. As reported by a Genode user, the empty
DNS server field irritated at least Windows 10 guests (Vbox 6) that connected
to the NIC router. This resulted in Windows 10 ignoring DHCP offers from the
router with such characteristic.
With this commit adding the DNS server DHCP option is skipped if there are no
DNS servers at the corresponding DHCP server or the domain IP config the server
shall fetch its DNS servers from.
Fixes#4581
Skip SET_CONFIGURATION requests if the device already has the selected
config as active config. This workaround prevents issues with Linux
guests in VirtualBox and SDC-reader passthrough.
Thanks to Peter for the patch.
The commit introduces means to mark a task for destruction that is
removed on the next scheduling cycle. This fixes stack leakage from
dynamic kworker tasks.
Issue #4575.
Provide additional PCI register information inside the pci-config part
of the devices ROM for clients able to access an Intel graphic card,
namely the GMCH control register content, which contains for instance
the GTT size and stolen memory size.
Ref genodelabs/genode#4578
Implement BIOS handover and Intel resume register update
apart from device driver to circumvent export of PCI
config space to drivers.
Ref genodelabs/genode#4578
The pci_decode has to extract the additional fields from the PCI configuration
space. The platform driver again has to parse and forward the knowledge too.
The PCI BAR indices are exported when info="yes" is set in the policy node for
the corresponding session.
Fixgenodelabs/genode#4577
The base address of I/O ports has a different encoding than
those of I/O memory. This needs to be encountered in the PCI
config helper utilities.
Fixgenodelabs/genode#4576
Under high TX load, 'irq_handler()' is rarely executed but packets
are still received since 'netdev_poll()' is called for every TX packet.
'netdev_poll()' not only handles completed transmissions but also
puts the IO buffers of received packets into the RX queue and refills the RX
ring by allocating more IO buffers. However, the IO buffers can only be freed
after they have been dequeued and passed to the 'rx_callback()'. Since
this was only done by 'irq_handler()', we exhaust the slab allocator
under high TX load.
A fix for this is to process the RX queue not only in the IRQ handler
but also when transmitting packets.
genodelabs/genode#4555
m/udelay is called with closed interrupts. Linux contrib code expects no
other task to be run respectively to be re-scheduled. usleep_range leads to
executing other tasks, which causes assertions in "spinlock taken twice" or
"unexpected preempt count" errors, seen on runtime with wifi_drv and intel_fb.
The assertion triggered with the changes by #4562.
On okl4, pistachio, sel4 the test didn't come up fast enough in order to still
experience the first configuration of NIC router #1. This commit doubles the
lifetime of the first configuration of NIC router #1 to 4 seconds and raises
the overall test timeout accordingly.
Ref #4555
* Move common SMP and NO_HZ_IDLE variables and functions into
generic lx_emul shadow implementations, and integrate them
into the common lx_emul import rules
* Enable SMP and NO_HZ_IDLE within virt_linux kernel configuration
* Adapt pc drivers and wireguard accordingly
* Use original Linux softirq implementation in wireguard
* Remove erroneous softirq shadow implementation
Ref genodelabs/genode#4540
Ref genodelabs/genode#4562
In overload situations, i.e. when a sender fills up the entire buffer, we land
in situations where the sender receives an ack_avail signal, releases one
packet, allocates and sends a packet and fails to allocate a second packet.
This is especially relevant if the receiver does not batch ack_avail signals
(such as vfs_lwip). In those ping-pong scheduling scenarios, the overhead from
catching the Packet_alloc_failed exception becomes significant. In case of the
NIC router, we will land in an overload situation if the sender is faster than
the receiver. The packet buffer will be filled up at some point and the NIC
router starts to drop packets. For every dropped packet, we currently have to
catch the Packet_alloc_failed exception.
This commit adds a new method alloc_packet_attempt to Packet_stream_source that
has almost the same signature as the older alloc_packet method but returns
an Attempt<Packet_descriptor, Alloc_packet_error> object. As the method already
used the allocator back end exception-less, changes on lower levels were not
needed. Furthermore, the NIC router was modified to use the new exception-less
alloc_packet_attempt instead of alloc_packet.
Ref #4555
Replaces the former implementation of the 'find_by_ip' method at the data
structure for ARP cache entries. This method used to return a reference to the
found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4555
According to a benchmarking series on Zynq (base-hw) and x260 (base-nova) using
test-nic_perf_router, increasing the 'max_packets_per_signal' has a significant
effect on the packet throughput. By increasing the default value from 32
to 150, we could gain a few hundred Mbit/s. Increasing the value further
does not seem to have such a strong effect, though.
genodelabs/genode#4555
The checksums for forwarded/routed UDP, TCP and ICMP, used to be always
re-calculated from scratch in the NIC router although the router changes only
a few packet fields. This commit replaces the old approach whereever sensible
with an algorithm for incremental checksum updates suggested in RFC 1071.
The goal is to improve router performance.
Ref #4555
The checksums for forwarded/routed IPv4, used to be always re-calculated from
scratch in the NIC router although the router changes only a few packet fields.
This commit replaces the old approach whereever sensible with an algorithm for
incremental checksum updates suggested in RFC 1071. The goal is to improve
router performance.
Ref #4555
We used to use 'unsigned long' for the accumulating variable when calculating
internet checksums. However, 'signed long' is more in accordance with RFC 1071
and will allow us to share the same back end for folding, once we implement
incremental updating of internet checksums.
Ref #4555
Prevent public reflection of the only internally used 'init_sum' argument in
'uint16_t internet_checksum(...)' that, in addition, added a default value to
the function interface.
Ref #4555
When sending an ICMP ECHO reply, the router merely swaps SRC and DST of the
IPv4 header of the corresponding request and these changes cancel each other
out in checksum calculation. Therefore, with this commit, the router skips
updating the IPv4 checksum in this context.
Ref #4555
The router used to update IPv4 checksums when routing via an <ip> rule
despite the fact that it doesn't change any IPv4 header fields in this case.
Ref #4555
The NIC router used to update IPv4 and layer 4 checksums of a packet for each
interface it was sent to (say, all interfaces of the domain the packet was
routed to). However, there was and is no technical reason for not doing it
only once and then iterating over the interfaces with the already updated
packet. This is what this commit does in an intent to raise the router's
performance.
Ref #4555
The NIC router uses the timer for relatively coarse-grained timeouts.
It therefore suffices to update and store the current time when the NIC router
is signalled and use the cached time instead. This prevents frequent
syscalls or RPCs when acquiring the current time for every packet.
genodelabs/genode#4555
The link dissolve timeout is updated for every packet, which leads to
trigger_once() RPCs that only marginally change the scheduled timeout but
significantly slow down the packet throughput.
genodelabs/genode#4555
The wakeup call only emits a single signal as it assumed both are
handled by the same signal handler. However, the original implementation
did not reset the wakeup_needed variable properly.
genodelabs/genode#4555
When using signal batching, ack_avail and packet_avail should always
be emitted and preferred over ready_to_submit and ready_to_ack.
A signal receiver might decide to not register the ready_to_* signals when it
handles congestion by dropping packets. The Nic router is an example of
such a signal receiver.
genodelabs/genode#4555
Enables symetric-multi-processor support in the Linux kernel configuration
used as base for the driver ports for PC. This is done to be compliant with
common usage of x86 drivers today.
Moreover, this commit uses the original kernel source for softirq/tasklet
implementation to get rid of the insufficient shadow implementation
in the lx_emul sources.
Ref genodelabs/genode#4562
Prepare shadow implementations in spinlocks, pagetable defines,
and irq_stack assembler macros to be able to enable SMP on x86/PC.
Ref genodelabs/genode#4562
The test runs as lx_user task and uses several *delay and wait queue test
cases happened to be used in real ported linux drivers. The test shows
the time spent with several time sources, e.g. jiffies, rdtsc,
lx_time_counter_count etc.
Issue #4540
Use common implementation used by wifi and (not merged) audio driver.
Avoid usage of lib/delay.c since lpj and loop_for_jiffies are not calibrated
for the ported drivers as done on native Linux during boot and leads to wrong
delays for usb and intel_fb.
Issue #4540
Using the 'query_buffer_ppgtt()' function allows for retrieving the
virtual address of the buffer in the PPGTT.
This is for components that manage the GPU virtual addresses rather than
the client as is the case with the lima driver.
Issue #4559.
Adhere to include/linux/rcutiny.h behaviour, which sets the max timeout
for rcu_needs_cpu. Without the commit, in the most cases the timeout value
is zero (or random since the pointer is on stack uninitialized), which leads
to programming very short timeouts again and again, making the system never
idle.
Issue #4540
The box layout evenly distributes the child widgets according to the
number of children. This is not desired in the special case where a
child widget has a size of zero. The patch changes the layout algorithm
such that zero-sized widgets are not taken into account for distributing
residual space.
This patch replaces the former implicit "phonyness" of the rule by an
explicit .PHONY and installs a symlink from the target's build directory
to bin/ as is the usual practice for regular targets.
Related to issue #3972
The parent-provides model is destroyed if no <parent-provides> node is
found in the configuration, which resulted in
Warning: list model not empty at destruction time
and leaking memory for the allocated nodes. The commit now explicitly
empties the list model in the destructor of ~Parent_provides_model.
Note, the case is implicitly tested in pkg/test-init by step "denial of
forwarded session request" and <init_config version="empty">.
Thanks to Peter for reporting this issue.
Fixes#4547
Whenever a domain looses all its interfaces or the link state of all attached
interfaces is down at once, the domain potentially moves to another Ethernet
segment and should therefore consider its ARP cache to be outdated.
RFC 826 states that "... If a host moves, any connections initiated by that
host will work, assuming its own address resolution table is cleared when it
moves. ...".
Therefore, this commit introduces clearing the ARP cache and the initially
stated events.
This commit was motivated by an issue with the PinePhone Modem and USB NIC.
On the PinePhone, the Modem has its own OS and acts as direct gateway to the
outer world for the USB NIC that is driven by Genode. However, whenever the
Modem gets restarted, Modem and USB NIC receive a new MAC address. This used
to conflict with the NIC routers ARP entry for the Modem that didn't cease to
be valid.
With this commit, the integrator of such a scenario at least has a convenient
way of fixing this by ensuring that all interfaces at the USB NIC domain go
down when resetting (e.g. by ensuring that the USB NIC is the only interface at
that domain).
Fixes#4558
When creating a socket, fd flags can be specified by ORing them with the
socket type. Most importantly, the flag SOCK_NONBLOCK must be propagated
to the Socket_fs::Context in order to support non-blocking recv/send.
genodelabs/genode#4550
The 'iput()' function is called from '__sock_release()' when the sock
object has no valid file object. The release function on the other hand
is called when the supplicant closes a socket.
Fixes #xxx.
Replaces the former use of the 'find_by_name' method of the AVL string tree.
This method returned a reference to the found object and threw an exception if
no matching object was found.
The locally implemented replacement doesn't return anything and doesn't throw
exceptions. It takes two lambda arguments instead. One for handling the case
that a match was found with a reference to the matching object as argument and
another for handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Furthermore, this commit modifies the local wrapper for the insert method of
the AVL string tree, so, that it follows the above mentioned concept as well.
Ref #4536
Replaces the former implementation of the 'find_by_domain' method at the data
structure for NAT rules. This method used to return a reference to the found
object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of the 'find_by_port' method at the data
structure for permit rules. This method used to return a reference to the found
object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Furthermore, the commit introduces a convenience wrapper for finding the best
matching pair of transport rule and corresponding permit rule for a given
destination IP and port. This method as well follows the above mentioned
concept.
Ref #4536
Replaces the former implementation of the 'find_longest_prefix_match' method at
the data structure for direct rules. This method used to return a reference to
the found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of the 'find_longest_prefix_match' method at
the data structure for direct rules. This method used to return a reference to
the found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of find_by_id at the data structure for
links. This method used to return a reference to the found object and threw an
exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
The 'with_libc' call at this point is not necessary and could be
harmful as it forces the usage of the user stack for the driver.
All code depending on this distinction should only be executed
from within the pthread.
Issue #4537.
Querying the RFKILL state led to execution of the Lx_kit::scheduler by
the pthread running the wpa_supplicant. As this may not happen the
RFKILL state is now solely managed by the driver and only the cached
state is read by the supplicant.
Fixes#4537.
Just add riscv spec files. The riscv versions should use MMIO transport
as ARM versions do. They also should work fine for riscv_qemu machine
from genode-riscv repository.
To not integrate referenced depot packages when building a sculpt image,
just set the environment variable DEPOT= to be empty. This allows to produce
slim images to the price that you have to publish the packages yourself.
In that case the sculpt run-script reminds you, and prints the package
versions.
Fixgenodelabs/genode#4530
Make it configurable, whether on a hotplug event the current valid Genode
config for the driver will be re-evaluated. By default it will be re-evaluated.
Issue #4531
On connector unplug the overall resolution of all available active connectors
can shrink and must be considered to potentially re-create the Capture
connection with smaller resolution size. Additionally, update the documentation.
Issue #4531
acpica and the Intel display driver tries to use the Intel Opregion
simultaneously on Genode, which is not supported nor wanted for IO_MEM region as
which it is handled.
Attempts to remove the access to the region was not successful, since some
SSDT table contains ACPI AML code which is executed regularly and read/write
the Opregion.
The patch adds support to read in a copy of the Intel Opregion done by the
acpi_drv component. The copy was sufficient to make the Intel display driver
working to find and lookup the Intel VBT (video bios table) information to
setup all connectors on a Fujitsu U7411 docking station.
Fixes#4531
acpica and the Intel display driver tries to use the Intel Opregion
simultaneously on Genode, which is not supported nor wanted for IO_MEM region as
which it is handled.
Attempts to remove the access to the region was not successful, since some
SSDT table contains ACPI AML code which is executed regularly and read/write
the Opregion.
The patch adds support to make a copy of the Intel Opregion and report it as
is. The copy was sufficient to make the Intel display driver working to find
and lookup the Intel VBT (video bios table) information to setup all
connectors on a Fujitsu U7411 docking station.
Issue #4531
ACPICA needs access to the host bridge 0:0.0 on Intel, which is also
accessed by the Intel display driver. Since for the Intel display driver the
PCI device is specified in the policy explicitly, the PCI device is filtered
out for the ACPICA driver which uses the policy "ALL".
Issue #4532
This commit introduces a hypervisor calling interface. The host kernel can
use it to either switch to a guest VM, or to invalidate the TLB with
regard to a specified VM id.
The VM-specific TLB invalidation is called whenever a VM (Vcpu)
gets destroyed.
Fixgenodelabs/genode#4528
When a PD gets deleted check whether it is active on the current CPU resp. MMU.
If yes, switch to core/kernel's PD to prevent that invalid page-tables or
address-space IDs are still in use. Moreover, whenever we switch to an idle
thread, we switch to kernel/core's PD too. Thereby, we prevent that vanished
PDs are still active on CPUs different from the one, where the core entrypoint
is active, which does the PD deletion.
This whole scheme is only valid under the assumption that core has only one
entrypoint running on one CPU.
Fixgenodelabs/genode#4527
Do not only distinguish core and user threads, but the idle threads too.
Instead of a boolean value, introduce a new thread type.
Ref genodelabs/genode#4527
All access to PCI devices can be handled nowadays via the platform session.
The I/O port access seems also to work not properly on newer UEFI machines.
Fixes#4532
As accommodating the session component object is already taken care of
be the root component implementation, remove the remaining redundant
checks.
Fixes#4521.
Since unblocking the pthread directly may lead to corruption we need
to post-pone it. So we send a signal that should be handled by the EP
after the EP has finished its current line of work.
Fixes#4523.
Instead of allocating the stack via 'kmalloc' point it to the actual
stack used by the task. This addresses issues with the USB
host-controller driver where sometimes hub port enumeration is not
working.
Fixes#4522.
We locally disable 'address-of-packed-member' warnings because GCC complained
about possible alignment issues when returning a reference to a packed member
as naturally aligned pointer (for some reason only on arm_v8a). We know that
the member is aligned to NETDEV_ALIGN via __attribute__ and that the warning
is therefor unnecessary.
Ref #4519
We have to correct the CC_OPT_* variable for these files and used to do so via
phony pre-requisite for the corresponding object files because the correction
had to take place after the variable initialization in
import-lx_emul_common.inc and before the creation of the object files. However,
this caused the objects to always rebuild.
This commit fixes this issue by using Make's feature of target-specific
variables instead. The drawback of this solution is that we can no longer
override CC_OPT_* with a modification of its original value but instead have to
override with a completely new value. This is because otherwise, Make would
either complain about recursive assignment or produce an empty value.
Ref #4519
The strict conversion warnings were disabled during development when the
contrib code was still compiled with the wireguard lib. Now this isn't
necessary anymore as the contrib code is in the wireguard_lx_inc_dirs lib.
Ref #4520
With this commit, the WireGuard component exits with a descriptive uncaught
exception on invalid configurations or when the user attempts to re-configure
attributes that are not re-configurable (private_key, listen_port, interface).
This is particularly important when it comes to the not re-configurable private
key. If the component would just ignore the attempt to override the private
key, the user may come to believe that his old (potentially compromised)
private key is not in use anymore.
The fact that the component now exits instead shouldn't be a problem, as the
user would have to restart the component anyway in order to apply the new
attribute values.
The commit also extends the wg_reconfig run script to test that WireGuard
exits on the attempt to re-configure the private key.
Ref #4520
Support removing peers by removing them from the component configuration.
This commit also introduces the wg_reconfig run script that tests adding and
removing single peers.
Ref #4520
I used to set the peer flags to 2 when adding a peer but merely because I
observed that value in my reference Linux. I now found that the flag 1<<1 means
'WGPEER_F_REPLACE_ALLOWEDIPS' and is ignored whenever the peer is new. Anyway,
I keep setting the flag but with the clearer enum name because the wg tool is
doing it as well when adding new peers and we want to stay close to how the
original code interacts.
Ref #4520
Build description files that feature both an actual target and
CUSTOM_TARGET_DEPS happen to re-link the target each time whenever one
of the CUSTOM_TARGET_DEPS is phony, e.g., gems/src/app/menu_view/.
The re-linking of the actual target is of course not desired. By
triggering the creation of CUSTOM_TARGET_DEPS from 'all:' instead of
'$(TARGET)', the specified files do not implicitly become link
dependencies of the target.
Issue #3972
The extra definition introduced by commit:
"lx_emul & arm: define ZERO_PAGE" re-defined the macro included
by a header of the contrib sources. This commit removes the
contrib header and defines thereby missing macros.
Fixes wrong atomic_*(ptr) usage with u32 pointer introduced by
commit "lx_emul: eliminate wrong include pathes". Atomic read or
write is nt needed in our case, we always schedule cooperatively.
Since "Consolidate USB test run-scripts" usb_hid_raw.run depends on
depot archives. Therefore, '--depot-dir' and '--depot-user' must be
passed to the nested run tool to cover cases that customize the depot
(e.g., our nightly CI).
Issue #4511
Introduces the pkg/wireguard archive that depends on the new src/wireguard
archive and deploys one WireGuard component with an empty configuration (can
be configured by the user via a launcher, for instance).
Fixed#4519
Introduce an arch-specific wireguard lib that contains all code from the
former arch-specific target.mk files. This allows us to create a generic
target.mk that merely depends on the library and a dummy.cc file. The latter
ensures that building/linking of the target isn't skipped by the build system.
Ref #4519
The wireguard library's purpose is having a separate INC_DIR setting for the
files that need Linux include paths that would clash with Genode include paths.
Therefore, the name wireguard_lx_inc_dirs is more descriptive. Furthermore,
this allows us to create a new arch-specific wireguard lib in a future commit
in the course of preventing arch-specific target.mk's (a commonly used
approach in Genode).
Ref #4519
The driver wrongfully disabled all APs if it was configured with an
auto-connect list containing multiple APs when one of those was
disabled as a result of using wrong credentials.
This commit changes the way network enable- and disablement are
handled by only operating on the given access-point in question.
It also removes unused code touched by these changes.
Thanks to Peter for bringing this problem to our attention.
Fixes#4517.
There is a race between the trace subject doing the buffer
initialization and the monitor trying to iterate the buffer entries. If
the monitor tries to iterate entries of an uninitialized buffer, it will
read the very first entry twice. The monitor should therefore only start
iteration when the buffer has been initialised.
genodelabs/genode#4513
By declaring the generated menu_view_styles.tar archive as build
artifact, it is automatically picked up whenever menu_view appears as
build ingredient of sculpt.
build: app/menu_view
* Prevent page-faults when the active interface of a device got unset
during elimination of the device
* Resets devices, where a corresponding session got closed to
be re-useable when a new session gets opened
Ref #4512
* Instead of repeatedly spam the log with errors and
bring heavy load to the USB host controller driver
abort yourself when the device vanishs
Fixgenodelabs/genode#4515
With this commit, the Xoroshiro128+ PRNG in lx_emul/random.cc gets wrapped
by a new class that automatically re-seeds the PRNG with jitterentropy every
1024 * 1024 + random(0..4095) bytes of generated output.
Ref #4397
Both the Wifi driver and the WireGuard port used local implementations for
their source of randomness. Wifi used a Xoroshiro128+ PRNG for rapid generation
of random values but initialized this PRNG always with the same static seed
value. WireGuard, in contrast, requested each random byte directly from the
jitterentropy lib, which is considered to be very time intensive.
This commit removes the local variants of random.cc and introduces a new
centralized lx_emul/random.cc . The new variant combines the former approaches,
so, that jitterentropy is accessed only in order to generate a random seed for
a Xoroshiro128+ PRNG. Front-end requests for random values are then fulfilled
efficiently via the PRNG.
:Warning:
The output of the Xoroshiro128+ PRNG that is used in the new implementation of
the lx_emul randomness functions has known statistical problems (see
https://en.wikipedia.org/wiki/Xoroshiro128%2B#Statistical_Quality).
Furthermore, the integration of Xoroshir128+ with the lx_emul code was not
reviewed/audited for its security-related properties, so far, and has the
known deficiency of seeding the PRNG only once during initialization. Thus,
we strongly advise against the use of the lx_emul randomness functions for
security-critical purposes.
Ref #4397
This patch simplifies the use of the menu_view in scenarios where no
absolute motion events but only touch events occur. Previously, such
scenarios required the creation of artificial absolute motion events
via the event filter.
Issue #4514
The hover state is evaluated for the routing of input events. When
routing a touch event, the decision should be based on the most recently
observed touch position. Without this patch, however, the hover state kept
referring to the initial pointer position (screen center) in the absence
of any other motion events.
Issue #4514
A userland component that ports the Linux WireGuard kernel module (originally
from kernel version 5.14.21) and integrates it via a NIC session (public
network side) and an Uplink session (private network side). The
WireGuard-specific device configuration is done through the component
configuration. The port is done using lx_emul, lx_kit and the virt_linux
targets. The commit adds also 4 corresponding run scripts of which 3 are fully
automated of which 1 is added to the autopilot.
:Warning:
Although in principal functioning, the WireGuard port has not been exposed to a
sufficient amount of real-world testing, so far. Therefore, we strongly
recommend not to use it in any security-critical scenarios! There is no
guarantee that the port meets any of the security goals pursued by the
WireGuard protocol or other WireGuard implementations!
Ref #4397
The implementation was copied from the already existing LX-emul implementation
for x86 but the commit additionally page-aligns the array that serves as
backing store for the zero page as we assume this to be expected by the contrib
code. However, this commit doesn't apply the alignment also to the x86
implementation as we agreed, that this should be done in a separate commit.
Ref #4397
* Adds methods for copying raw data to the data field of Ethernet frames and
UDP packets. This is used in the port to wrap the higher-layer packet data
prepared by the contrib code with the additionally required headers before
sending it at a network session.
* Adds a method to cast raw data to an IPv4 packet. This is required in the
port in order to check values in stand-alone IP packets produced by the
contrib code before sending them at a network session.
* Adds methods for setting UDP ports given big endian port values without
having to convert to little endian in the app and then back to big endian in
the net lib.
Ref #4397
The driver did not allow for setting module parameters and so far
no one complained. Remove the option to prevent the misleading of
users.
Issue #4506.
Since Linux does not use the arch-independent spinlock structs for ARM,
we must use different members when accessing the lock value.
genodelabs/genode#4499
to work again. The drivers interactive package does not provide a Platform
service anymore, so remove the audio driver. A lot more mesa related libraries
are required now.
This commit de-duplicates the redundant dummy implementations and
to some degree also the 'lx_emul.c' implementations while also
decluttering the various 'dep.list' files.
The code is moved into 'src/lib/pc/lx_emul' where it becomes part
of the 'pc_lx_emul' library.
Fixes#4500.
Instead of each driver providing its own header file use a central
header as the initcall order header should cover _all_ provided
initcalls resulting from the used 'pc_linux' kernel config.
Note that the 'pc_linux' configuration was extended with the
'USB_USBNET' option because the module's initcall is needed for the
Genode C API for USB glue-code and the 'PACKET' option needed by
the wireless lan driver.
The lack of theses options was not noticed as each driver used its
own initcall header so far that stemmed from the initial porting
effort.
Issue #4500.
* Some fixups for the README
* Make config ROM const when used for the session policies
* Turn Reporter into Expanding_reporter
* Always first register ROM signal handler before parsing it the first time
Outsource parts of the Main object into a common compound object,
common parts of the Makefile description and depot source package.
Fixgenodelabs/genode#4503
* Parse PCI specific information from devices ROM
* Enable DMA, I/O memory and I/O port access dependent on BARs in config space
* Introduce device PD for Nova + IOMMU support
* Enable MSIs if available
* Add PCI specific policy rules
Fixesgenodelabs/genode#4502
Instead of returning an invalid device capability when a device
is (not yet) available, e.g. a PCI device is requested before the
PCI bus got parsed accordingly, we check the device capability
within the Platform::Connection utilities, and register temporarily
an Io_signal_handler to wait for changes of the devices ROM, and
try the device aquisition again. Thereby, simple drivers so not have
to take the burden to do so.
To enable this feature for all drivers, we always have to export a
devices ROM, but limit the information about physical resources
(I/O memory addresses, IRQ numbers, I/O port ranges) to clients with
'info=yes' in their policy description.
Fixgenodelabs/genode#4496
By adding a 'report' node to the platform driver's configuration
one can enable either devices or config reports. The devices
report contains all devices and their detailed state, as well as
whether it is already in use or not. The config report contains
one by one the current configuration of the platform driver.
Moreover, this commit adds a README file describing the facilities
of the platform driver.
Fixgenodelabs/genode#4386
If PCI devices happen to miss complete configuration after boot, the
platform driver supports <pci-fixup> nodes for concrete devices
(specified by bus-device-functions tuples). The
<bar> node instructs the platform driver to remap BAR id 0 to address
0x4017002000, which amends the BIOS configuration and is stringently
required for BARs with address 0.
! <pci-fixup bus="0" device="0x15" function="3">
! <bar id="0" address="0x4017002000"/>
! </pci-fixup>
The issue was discovered with Intel LPSS devices in Fujitsu notebooks.
Fixes#4501
This patch changes the libc to query the stack size from the
config attribute <libc> <stack size=""/> </libc> for regular
components, not only cloned processes.
To discharge the generic platform driver from certain PCI bus scanning,
and ACPI + kernel specifics, this commit introduces a new component,
which consumes the acpi drivers report and the platform_info from core
to prepare a devices ROM for the platform driver that contains all
PCI devices and its resources.
Fixgenodelabs/genode#4495
USB Attached SCSI devices might expose a bulk-only interface
as fall-back at interface 0 and alternate setting 0. This commit
allows for probing all alternate settings of the active interface
to be able to use such devices.
The configuration was extended so that in case the device interface
is known beforehand the driver can be configured accordingly.
Fixes#4494.
Deploying an overly large meta-pkg in Sculpt leads to an
'Xml_generator::Buffer_exceeded' exception. Using the expanding
reporter solves this problem.
Fixes#4493.
In case we are instructed to reauthenticate and were already
authenticated we ignore the request in the management layer
and let 'wpa_supplicant' deal with that.
Fixes#4488.
The vanilla NOVA kernel solely supports tracking and exporting of execution
times per SC kernel object, but not per thread (EC object). The commit extends
to track execution times per EC in the NOVA kernel, exporting it to Genode's
'core' roottask and populating Genode's Trace::Subject_info structure.
Fixes#4481
Remove handling of ACPI (SCI) interrupt from kernel and thereby let the
handling of the ACPI irq exclusively to an Genode driver. On Genode the ACPICA
library+app handles the ACPI irq, where we can now remove the contrib patches
related to the synchronization between NOVA kernel and ACPICA library.
Fixes#4479
When using the framebuffer driver on this machine the
'cpu_latency_qos_request_active' dummy is triggered. Removing the
trace-and-stop call makes the driver usable.
In addition, 'cpu_latency_qos_remove_request' is changed as well
although it is guarded by 'cpu_latency_qos_request_active'.
Fixes#4489.
This patch fixes rare freezes of menu view instances, which could happen boot
time whenever the leitzentale GUI happens to get initialized before the display
driver finished setting up a reasonable mode. In this case, the resolution-
dependent font size can temporarily get almost zero, tripping up the glyph
renderer.
Since the driver relies on all requests being Nvme::MPS_LOG2 aligned
as advertised in its Block::Info the added check will reject any
misaligned requests (using 'gpt_write' led to an IOMMU write fault).
Issue #4486.
2560x1440 resolutions require more RAM resources. Additionally, make
sure that the decorator 'init' receives enough CAPs to service the
decorator configuration.
fixes#4485
* Claim and release USB interfaces
* Collect URBs in flight in anchor list
* When releasing interfaces, wait until all
anchored URBs finally got killed successfully
Fixgenodelabs/genode#4483
In rare cases it is necessary to execute Linux contributed code
until certain work is finished, e.g. when in a synchronous RPC call,
a session construction or destruction a result is needed. Therefore,
we introduce a new lx_emul function called lx_emul_execute_kernel_until.
Ref genodelabs/genode#4483
To signal that a device gets used and released by a session
introduce claim, release, and release all callbacks in the
USB interface of the C-API.
Ref genodelabs/genode#4483
In case multiple devices shared the same memory-mapped I/O page
we have to take the offset into account. This commit fixes the
'pc_usb_host_drv' on the Thinkpad X201 where the two EHCI host
controller share the some I/O memory page.
Fixes#4477.
With the new usb driver #4399 and usage of the updated dde_linux lx_eml/lx_kit
approach a much higher rate of IRQ session construction/destruction and signal
handler assignment (irq->sigh) are caused. This trickles down to the kernel,
which causes an hang of the AMD IOMMUs due to not setting reserved bits
adequately. The commit fixes the root cause in the kernel and add a guard
into core's to limit such driver behaviour.
Fixes#4482
The file listed only enabled="false" in the audio adapter tag. However,
setting only this option to true isn't sufficient for guest audio to work.
One has to set also enabledIn respectively enabledOut in the same tag. The
new default vbox6 file reflects this.
Fixes#4476
This patch fixes a potential data corruption issue that could occur when
issuing large I/O requests to vfs/rump, which don't fit into the default
block I/O buffer of 128 KiB. Note that we haven't observed the problem
in practice (Sculpt hosts vfs/rump in a dedicated vfs server, which
fragments requests) but spotted the issue while reviewing the code. We
could trigger problem by explicitly changing the I/O buffer size to 32
KiB.
Issue #4474
This patch changes the meaning of the 'offset' parameter of the
'produce_write_content' and 'consume_read_result' hook functions.
The value used to reflect the absolute byte position but in practice,
a job-relative byte offset is desired.
Issue #4474
Before this commit, the block-request handler was implemented as
Io_signal_handler and, additionally, the USB driver called the
block-request handler on request completion directly on I/O level. This
is generally a bad idea because I/O handlers should avoid to have direct
global side effects. In contrast, application logic should be
implemented in way that it consumes atomic state changes after I/O
completed. Now USB I/O completion locally submits a signal to the
block-request Signal_handler.