This is a follow-up patch for issue #1784 that solves two
inconsistencies.
- The Vfs::Timestamp::INVALID matches File_system::Timestamp::INVALID
- The Noux libc plugin tests for Timestamp::INVALID instead of a
positive value.
The patch fixes the mtime info as shown in directory listings in
Sculpt's inspect window.
This patch let the VFS server reflect the session policy via the
writeable bit in directory entries instead of merely forwarding the bit
from the respective VFS plugin. This way, all files originating from a
read-only file-system session automatically appear in directory listings
as read-only files.
Related to issue #3507
required due to pthreads becoming/are an integral part of the libc now.
Commit avoids libc error:
Error: libc suspend() called from non-user context (0xaf5c784) - aborting
Issue #3550
'dlopen' causes the ldso to open ROM connections, right now we only
support single file names for these ROM not paths. Therefore, we extract
the file name from path within libc's 'dlopen'
fixes#3551
This is an intermediate fix to handle sends to sockets shut down by the
peer already. A final fix in the libc would add support for the
MSG_NOSIGNAL send flag, generate SIGPIPE, and return the expected EINTR.
Then this patch is no longer required.
This commit also drops the obsolete patch for missing
sysconf(_SC_NPROCESSORS_ONLN), which is now part of libc.
The VFS server as reworked in issue #3547 responds to such an attempt
with a failure as acknowledgement, triggering the client-side error
"Error: packet operation=2 failed" at noux.
This patch prevents the driver from translating Insufficient_ram_quota
and Insufficient_cap_quota exceptions to Service_denied exceptions at
session-creation time. This enables the client to respond to such a
condition by retrying the session creation with increased session quota.
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.
In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.
The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.
Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.
Fix#2303
This patch reworks the VFS server to become easier to understand.
- The packet-stream handling is hidden from the node types.
- Introduced the notion of a "job" as an abstraction from the raw packet
stream.
- The processing of requests is split into three phases:
(1) accepting new jobs,
(2) the execution of jobs, and
(3) the delivery of acknowledgements.
- There is no longer a global fifo of pending nodes. Instead, each
session has a fifo of "active" nodes, which are nodes that wait
for the completion of jobs.
- The Io_node type no longer uses virtual functions as hooks for
the derrived classes. Instead, it provides a number of utility
functions.
- The control flow of the 'Io_progress_handler' is now the same as
for the session-local packet-stream handler.
- Removed dependency from 'file_system/node.h', which is a relic
from the ram_fs.
While reworking the code, the following semantic changes were made
additionally.
- The handling of SEEK_TAIL no longer overwrites the file content at the
end of the file.
- Removed diagnostic message at session-creation time.
- Write loop for continuous files
Issue #3547
Issue #2303
This patch reduces the debug noise for the prominent case of executing
bash with coreutils. Without it, the forked process will always ask for
more RAM immediately when starting up.
This change allows for the conversion of directory entries in place
(i.e., in the VFS server) and anticipates the potential future merge of
both types into one.
Issue #3547
This patch improves the libc's write operation to iterate on partial
writes to continuous files until the original write count is reached.
The split of large write operations into small partial writes as
dictated by the VFS infrastructure (e.g., constained by I/O buffer
sizes) becomes invisible to the libc-using application.
Issue #3507
Issue #2303
Make sure that at least entry is present in the .dynamic section, so the
PT_DYNAMIC segment points to something valid in case there are no
dynamic symbols.
issue #3537
This patch adds the ability to call 'kill' with the own PID to trigger
the execution of the handler of the specified POSIX signal. This is used
by 'bash', e.g., when cancelling the input of a command via control-c.
Related to issue #3546
This patch equips the VFS terminal file system with the ability to
detect user interrupts in the incoming data stream, and propagate this
information via the new pseudo file '.terminal/interrupts'. Each time,
the user presses control-c in the terminal, the value stored in this
pseudo file is increased. Thereby, a VFS client can watch this file to
get notified about the occurrences of user interrupts.
Fixes#3546
The scratch buffer is now allocated from the heap and is shared
between the test as they are executed in a serial fashion. This
change saves memory as the test are constructed at start-up.
Fixes#3539.
This patch adds support for watch notifications for the
'Readonly_value_file_system', which is often used by VFS plugins to
implement pseudo files. It thereby enables VFS clients to respond to
VFS-plugin events (think of terminal resize) dynamically.
Fixes#3523
As genode.org site is now protected by TLS and unencrypted site
is redirected to enctypted one, download URL should be modified
to reflect this change.
Without this change, wget downloads just index.html file.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3538
It runs pretty well on Raspberry Pi, for example.
Leaving this scenario limited to x86 for autopilot runs only.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3536
Prevents integration failures like follows if the libraries were not
built already in the build directory.
Missing boot modules: libm.lib.so posix.lib.so
Makefile:323: recipe for target 'run/lwip_lx' failed
Passing array of unsigned chars to Genode::log() function
makes it converted to void pointer, resulting in printing its address.
Wrapping this array into Genode::Cstring solves this problem
and makes it being printed properly as zero-terminaled string.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3530
Uplink labels were stored in the uplink objects as reference. As uplink objects
may be re-used on re-configuration to avoid unnecessary closing and re-opening
of NIC sessions, the label reference could get invalid as the object that
stored the label content didn't get re-used. Thus, the label is now copied to
the uplink object.
Fixes#3529
This adds two new boolean attributes to the <report> tag of the NIC router
configuration 'link_state' and 'link_state_triggers'. The former decides
whether to report the link state of each NIC interface (downlink, uplinks) at
the NIC router. The other decides whether to trigger reporting each time the
link state of an interface changes.
Fixes#3527
If a MAC address was once allocated for a downlink and during the further
creation of the downlink an exception caused the creation to be aborted, the
NIC router didn't free the MAC address again.
Ref #3525
The handling of exceptions during session creation implies freeing and
detaching the RAM DS behind the session env and session component. But this
was done using the session env located in the same RAM DS, which must
lead to problems. Now, the session env from the RAM DS is copied to the stack
and the operations are done on this temporary instance instead.
Ref #3525
When the construction of a member of Packet_stream_*::Rpc_object after
the _cap member threw an exception, the object was not dissolved from
the entrypoint although the Rpc_object vanished at this point. This was
because the call to 'manage()' happened in the initializer list (for the
_cap member instantiation). The destruction of the _cap member then did
not dissolve the object.
This first fix moves the call to 'manage()' into the constructor body
after the instantiation of all other members. A more sophisticated fix
would use some kind of 'Managed_object' life-time guard that manages an
object on construction and dissolves on destruction.
Ref #3525
When re-configuring a domain from using a static IP config to using a dynamic
IP config, attached interfaces didn't react with doing DHCP discover. This bug
is fixed now and the nic_router_flood test was adapted in a way that it tests
the described behavior.
Fix#3518
This patch introduces a new scheme of handling ioctl operations that
maps ioctls to pseudo-file accesses, similar to how the libc maps socket
calls to socket-fs operations.
A device file can be accompanied with a (hidden) directory that is named
after the device file and hosts pseudo files for triggering the various
device operations. For example, for accessing a terminal, the directory
structure looks like this:
/dev/terminal
/dev/.terminal/info
The 'info' file contains device information in XML format. The type of
the XML node corresponds to the device type. E.g., If the libc receives
a 'TIOCGWINSZ' ioctl for /dev/terminal, it reads the content of
/dev/.terminal/info to obtain the terminal-size information. In this
case, the 'info' file looks as follows:
<terminal rows="25" columns="80/>
Following this scheme, VFS plugins can support ioctl operations by
providing an ioctl directory in addition to the actual device file.
Internally, the mechanism uses the 'os/vfs.h' API to access pseudo
files. Hence, we need to propagate the Vfs::Env to 'vfs_plugin.cc' to
create an instance of a 'Directory' for the root for the VFS.
Issue #3519
The run script used to be the only user of the fatfs_fs server, which
we're going to remove. This patch removes the components for accessing a
real storage device and file system from the run script. The new version
just uses ram_fs.
Issue #3512
Nowadays, we use standard command-line tools like vim to edit init
configurations dynamically, which alleviates the need for a custom CLI.
The CLI-monitor component was too limited for use cases like Sculpt
anyway.
The patch also removes the ancient (and untested for long time)
terminal_mux.run script, which used to be the only remaining user of the
CLI monitor.
Issue #3512
This driver manually checks if the RAM quota is big enough for the
Lan9118 nic session component. The problem is Root_component::_create
from which Root_component::_create_session gets called does already
check this. No need to account for it twice.
Fixes#3514
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:
- Distinction between continuous and transactional files (Node_type)
(issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
replacing the former 'mode' bits
(issue #3030)
The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.
This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
Moving the handling into the input-session clients enables more
sophisticated implementations (like Qt5) to apply key-symbol based
handling of those modifiers like correct CTRL-A with QWERTY and AZERTY
layouts and distinction of CTRL-J and Return.
Issue #3483
The API still exports 32-bit address and size values only, which works
as the actual MMIO resources are allocated in platform_drv internally.
Fixes#3494
Map ACPI tables entirely as one dataspaces (not page-by-page). Note, the
current approach does only merge overlapping but not consecutive I/O
memory regions, which would reduce the amount of capabilities required
even further.
Fixes#3495
With the added modification-time support in the libc, the extract tool
requires a timer session, which is not plausible for the purpose of the
program.
This behavior stems from the fact that the libc implicitly writes the
mtime when closing a written file. For this update, it implicitly calls
'clock_gettime', which in turn initializes the timer subsystem within
the libc (creating a timer session).
For the extract tool, the implicitly updated mtime is useless because
the extract tool overwrites this modification time with the mtime stored
in the archive anyway. However, the dependency from a timer service
remains.
This patch explicitly disables the libc's implicit updating of the
file-modification when closing a written file.
Issue #1784
By specifying <libc update_mtime="no"...>, the modification-time update
on VFS-sync operations (as issued whenever a written file is closed)
can explicitly be disabled.
Issue #1784
... and set initial time by using RTC session.
Up to now Noux used a monotic clock whose initial start value always
was '0' (which correlates to the start of the UNIX epoch) to provide
a notion of time. In addition it is now possible to use the RTC
session to set the initial value for use cases where having a proper
real-world time matters.
To use the RTC session the 'rtc' attribute of the '<config>' node
must be set to 'yes'. Thereby the session becomes a mandatory
dependency as Noux will not start without it.
Issue #1784
This patch complements the commit "libc: execve" with the ability to
execute files stored at arbitrary sub directories of the file system.
Issue #3481
Issue #3500
This patch removes ldso's builtin policy of removing any path elements
prepending the ROM module name. Instead, the ROM name is used as is.
This clears the way to access different ROM modules that share the same
name but are stored at different directories behind an fs_rom (e.g.,
/bin/bash vs. /usr/local/bin/bash).
Issue #3500
This patch replaces the naive dup2 implementation (that merely
duplicated the context pointer) by the replication of the original
FD state by re-opening the same file with the same flags and seek
position. This prevents a potential double release of the VFS handle
(the FD context). It also implements 'dup'.
Fixes#3505Fixes#3477
- Eliminate call of global libc_config()
- Remove dynamic memory allocation, const cast
- Prepare for moving the state from compilation unit to header
- Fix run/libc_getpwent.run
Issue #3497
This patch unifies the patterns of using the 'Genode' and 'Libc'
namespaces.
Types defined in the 'internal/' headers reside in the 'Libc'
namespace. The code in the headers does not need to use the
'Libc::' prefix.
Compilation units import the 'Libc' namespace after the definition of
local types. Local types reside in the 'Libc' namespace (and should
eventually move to an 'internal/' header).
Since the 'Libc' namespace imports the 'Genode' namespace, there is
no need to use the 'Genode::' prefix. Consequently, code in the
compilation units rarely need to qualify the 'Genode' or 'Libc'
namespaces.
There are a few cases where the 'Libc', the 'Genode', and the global
(libc) namespaces are ambigious. In these cases, an explicit
clarification is needed:
- 'Genode::Allocator' differs from 'Libc::Allocator'.
- 'Genode::Env' differs from 'Libc::Env'.
- Genode's string functions (strcmp, memcpy, strcpy) conflict
with the names of the (global) libc functions.
- There exist both 'Genode::uint64_t' and the libc'c 'uint64_t'.
Issue #3497
This patch is the first step of re-organizing the internal structure of
the libc. The original version involved many direct calls of global
functions (often with side effects) across compilation units, which
made the control flow (e.g., the initialization sequence) hard to
follow.
The new version replaces those ad-hoc interactions with dedicated
interfaces (like suspend.h, resume.h, select.h, current_time.h). The
underlying facilities are provided by the central Libc::Kernel and
selectively propagated to the various compilation units. The latter is
done by a sequence of 'init_*' calls, which eventually will be replaced
by constructor calls.
The addition of new headers increases the chance for name clashes with
existing (public) headers. To disambiguate libc-internal header files
from public headers, this patch moves the former into a new 'internal/'
subdirectory. This makes the include directives easier to follow and the
libc's source-tree structure more tidy.
There are still a few legacies left, which cannot easily be removed
right now (e.g., because noux relies on them). However, the patch moves
those bad apples to legacy.h and legacy.cc, which highlights the
deprecation of those functions.
Issue #3497
- readv_writev: move 'rw_lock' instance into a function scope,
constructing the instance on the first access.
- select: move 'select_cb_list' instance into function scope.
- thread: move 'key_list_lock' and 'keys' into function scope.
- rwlock, semaphore, socket_fs_plugin, thread, thread_create:
instantiate 'Libc::Allocator' per use, alleviating the need for a
global instance.
Issue #3496
Implement getifaddrs and freeifaddrs within the libc using socket
control files at the VFS. Add an "address" and "netmask" file to the
lwIP plugin.
Only a single IPv4 address is initially supported, and the broadcast
address returned will never be valid.
Fixes#3439
This adds complete character-generator configurations for English (US),
German (Germany and Switzerland), and French (France and Switzerland).
The configs are manually amended and stripped-down versions of
xkb2ifcfg generated configs.
Issue #3483
The Press event is actually a Press_char event with a default codepoint.
The default codepoint is now
Codepoint { Codepoint::INVALID } /* value 0xfffe */
in contrast to
Codepoint { Input::Event::INVALID } /* value 0 */
Issue #3483
This patch implements 'execve' in Genode's libc.
The mechanism relies on the dynamic linker's ability to replace the
loaded binary while keeping crucial libraries - in particular the libc -
intact. The state outside the libc is wiped. For this reason, all libc
internal state needed beyond the 'execve' call must be allocated on a
heap separate from the application-owned malloc heap. E.g.,
libc-internal file-descriptor objects must not be allocated or refer to
any memory object allocated from the malloc heap.
Issue #3481
The allocation of regions within the linker area is normally left to the
best-fit 'Allocator_avl', which happens to populate the linker area
starting with the binary followed by all loaded libraried with no gaps
in between.
When replacing the binary during execve, however, we need to ensure that
the new binary does not conflict with any library that stays resident
during execve. This patch tweaks the linker's region allocation scheme
such that these libraries are placed at the end of the linker area.
Issue #3481
This patch extends the interface of the dynamic linker with the ability
to replace the running binary executable by another one. It is
designated for the implementation of execve. The interface consists of
two new functions.
'Dynamic_linker::keep' marks the specified shared object as unloadable.
This can be used to pin a set of libraries (i.e., the libc) within the
local address space while replacing the binary and other higher-level
libraries.
'Dynamic_linker::respawn' unloads the current binary, loads the one
specifed as first argument, and looks up the entry point symbol of the
new binary, which would be "main" for POSIX programs.
In addition to implementing the new interface, the patch adjusts the
linker at various places that previously assumed the binary to be
constant over runtime.
Issue #3481
This patch is a follow-up commit for "ld: load dynamic linker at static
address on Linux". It suppresses the stderr output of 'dd' when marking
the ELF binary as executable.
Issue #3479
This patch enables the fork.run script to run on base-linux. It should
be regarded as an interim solution, however, because the randomization
performed by the Linux kernel may still - by chance - produce a
situation where one of the libc's malloc heap regions intersects with
another dataspace dynamically attached to the child.
The better solution would be to make the 'Region_map_mmap'
implementation not depend on the kernel's allocation policy by using a
locally implemented allocator.
Issue #3478
This patch extends the fork test with explicit checks for the cloned
content of the heap and RW segment as well as the seek position of an
open file descriptor. It adds the new libports/run/fork.run script
that exercises the fork mechanism implemented by the libc. It is based
on noux_fork.run, which tests the mechansim provided by noux. The
test program has been moved from ports to libports.
Issue #3478
The libc already supports the configuration of 'stdin', 'stdout', and
'stderr' using '<libc>' config attributes. This patch equips the libc
with the additional ability to pre-initialize any other file descriptor.
A file descriptor is configured as follows:
<config>
...
<libc ...>
<fd id="3" path="/dev/log" writeable="yes" readable="no" seek="10"/>
...
</libc>
</config>
Furthermore, this patch moves the FD initialization code from the VFS
plugin to the libc kernel initialization because opening the FDs
depends on 'malloc' ('strdup'), which should not be used at early
'Libc::Kernel' initialization time.
Issue #3478
This patch replaces the former use of an Allocator_avl with the Id_space
utility, which is safer to use and allows for the iteration of all
elements. The iteration over open file descriptors is needed for
implementing 'fork'.
Issue #3478
The new 'Heap::for_each_region' method provides information about the
heap's used virtual-memory regions. This method allows for the
mirroring of the heap state as needed by 'fork'.
Issue #3478
By specifying the config attribute 'check_ctors="no"', the dynamic
linker won't abort the program on a missing call of
'Env::exec_static_constructors'. This is the case for forked programs
where the ctors were already executed by the forking program prior the
fork operation.
Issue #3478
This patch enhances the 'base/shared_object.h' interface of the dynamic
linker with the function 'for_each_loaded_object', which allows the
caller to obtain information about the currently loaded binary and
shared libraries.
The new interface is a base mechanism needed for implementing 'fork' in
the libc.
Issue #3478
By using Genode::strncpy instead of the libc's strncpy, we cannot end up
in the situation where the result lacks the zero termination (where the
number of charactors equals the destination buffer size).
This patch handles the case where a PD's cap quota becomes exhausted
on the attempt to transfer caps via 'Env::pd().transfer_quota'. The
solution mirrors the existing code for RAM quota.
Prior this patch, the 'transfer_quota' operation would trigger an
'Out_of_caps' exception.
These are time-type conversion functions (including leap years and
seconds) taken from musl-libc git rev
c82d3bada30cb27e14abda7859da5d2e784830ff with some adaptions. Musl is
licensed under permissive MIT license.
Issue #3450
A client may register a signal handler to be notified whenever the
RTC value was changed, i.e., a mis-configured clock was synchronized,
by calling 'set_sigh()'.
Issue #3450
The GEMDOS variant is supported by NetBSD's msdos file-system driver.
However, it must explicitly be enabled by a mount flag. This patch
adds the principle ability for passing mount flags to file system
drivers and enables the MSDOSFSMNT_GEMDOSFS flag based on the
config attribute 'gemdos="yes"'.
Issue #3471
This patch enhances part_block with support for parsing the AHDI
partition scheme, and the detection of the GEMDOS variant of FAT as used
by Atari TOS. As a side effect of the implementation, the patch improves
the MBR parsing code by avoiding pointers and using const qualifiers.
Fixes#3470
This patch handles the situation where the usb_block_drv exits for any
reason, in particular when the driver fails to initialize the device. In
such cases, the usb_block_drv used to stay stale in the system,
effectively preventing the device from being passed to a VM. With the
patch, the USB storage device gets flagged as failed, the usb_block_drv
is removed from the runtime, and the condition is reflected at the user
interface.
This situation occurred on the attempt to access an iomega zip drive
with a version of the usb_block_drv without support for the START-STOP
command, but it may potentially also occur in other circumstances.
Fixes#3468
On Fujitsu S936, evaluating the _BIF method on each battery-info update
successively increased the RAM usage, while _BST (dynamic battery
status) and _STA (generic status) did not show this behavior. Therefore
this commit retrieves only dynamic information periodically (resp. on
SCI IRQ). Now, acpica hast static RAM usage in idle state for 24+ hours.
The root cause for the increased RAM usage is still shady. While it
could just be normal that it grows until a certain yet unknown limit,
there may also be memory leak in contrib code or some strange AML on the
designated notebook.
Issue #3454
This mode is used on Linux (if acpi=strict is not set on boot cmdline)
and Windows. The mode ignores certain errors and/or bad AML constructs.
1) Allow "implicit return" of last value in a control method
2) Allow access beyond the end of an operation region
3) Allow access to uninitialized locals/args (auto-init to integer 0)
4) Allow ANY object type to be a source operand for the Store() operator
5) Allow unresolved references (invalid target name) in package objects
6) Enable warning messages for behavior that is not ACPI spec compliant
Whether an SoC has the multiprocessing extensions can be read out
from the identification registers, and does not need to be specified
in each board header.
Ref #3445
The rtc_drv on x86 can now by used to also set the RTC. If the config
attribute 'allow_setting_rtc' is set to 'yes' the driver will update
the RTC from the content of the 'set-rtc' ROM module. A valid ROM must
contain a top node with the following attributes: 'year', 'month',
'day', 'hour', 'minute' and 'second'.
* Only rudimentary checking of the provided values is done.
* '12H' mode is not supported.
Fixes#3438.
This commit implements the ssh exec channel request. It also handles
some shortcommings on the interactive channel like exit and concurrent
session establishments.
Pipes into the channel do not work yet. E.g.:
echo foobar | ssh noux@localhost -p 5555 "cat > /rw/test.txt"
The issue described with FIXME in Ssh::Server::incoming_connection()
could not be reproduced and might have been fixed with the improved
file descriptor handling.
Fixes#3401
To enable the clipboard for a VM, add the following node to the
<Hardware> sub node of your machine.vbox configuration:
<Clipboard mode="Bidirectional"/>
Issue #3437
The triggering of a new depot query can happen more than once per
activation of the sculpt manager if multiple conditions call for updated
information about the depot. When this happens, the depot-query
component produces intermediate results, which are not consumed by the
sculpt manager. By deferring depot queries for a few milliseconds, we
avoid such intermediate queries, relieving the workload of the
depot-query component at system boot time.
Issue #3436
The diagnostic messages presented in the runtime dialog lacked the name
if the subsystem was created from a launcher, e.g., the 'vm'. Instead of
determining the subsystem name from the start-XML-node (a launcher has
no 'name' attribute but the name corresponds to the launcher's file
name), the name is now passed as a dedicated argument.
This patch enhances the noux_vim.run scenario to make it usable as a
testing ground of the terminal's and window manager's resize and
clipboard handling.
Issue #2079
The labels of clipboard ROM and clipboard report sessions of WM clients
must be consistent with the client's nitpicker label. Hence, we must
route those sessions through the window manager, analogously to the
approach taken for shape reports in #3165.
Issue #3437
When setting the config attribute 'match_labels="yes"', the clipboard
performs plausibility checks for copy and paste operations against the
nitpicker focus.
Issue #3437
The warning falsely detected cases where shared objects where loaded before
exec_static_constructors() was called as unneeded even in cases were the
binary itself contained static globals.
The commit also removes one redundant call to exec_static_constructors()
from the block tester.
This patch introduces two caches to the depot-query tool.
- A stat cache remembers the results of 'Directory::file_exists'
calls.
- The 'Cached_rom_query' caches the result of scanning the depot
for a given ROM module and pkg path. To elminates the need to
parse 'archive' files of pkgs referenced from other pkgs or
for the repeated instantation of the same pkg.
Both caches are bypassed whenever referring to the 'local' depot user.
Fixes#3427
When resizing windows of clients that respond very slowly to resize
requests, the window's size sometimes snapped back to its original size
immediately after finishing the drag operation.
The problem was caused by the interplay of the layout rules (obtained
via the 'rules' ROM, generated by the 'rules' report) and the
temporary interactive state that occurs during drag operations.
The rules are updated only at the time of releasing the button to keep
the overhead while dragging the window low. However, when releasing the
mouse, the (now outdated) rules kicked back into effect, triggering
resize requests for the window to its old size.
The patch solves this problem by decoupling the dragged state of a
window from the physical release of the button. The button release
triggers a transition from a DRAGGING to a SETTLING state and programs
a timer. In the SETTLING state, the windows behave as in DRAGGING state,
giving the interactive geometry precedence over the rules-dictated
geometry. During this state, further responses of window-resize requests
may come in and are handled like dragging was still in progress. After a
timeout, however, the current window layout is conserved as a new rules
report and the state goes back to IDLE.
For clients that takes a very long time (in particular, VirtualBox when
resizing the desktop, which takes sometimes multiple seconds), the
snap-back artifact can still occur, but the effect is reduced.
This problem surfaced with the new tool chain that changes the stack
layout. A pointer to the the config XML data was kept in the main object
but pointed to a stack variable. This patch fixes it by removing the
pointer.
Fixes#3416
This is a follow-up commit to the libc update. The FreeBSD
implementation of sigset or sigaction calls the __libc_sigaction now.
The patch fixes the SIGWINCH handling for Vim when interactively
resizing the terminal window.
Fixes#3424
- make port able to be prepared repeatedly
Rpcgen refuses to overwrite an already existing header, so try to
always remove it beforehand
- get rid of 'cp' warning 'cp: warning: source file
'src/lib/libc/sys/sys/time.h' specified more than once'
- silence patch message 'patch unexpectedly ends in middle of line'
Fixes#3420.
This patch adds the missing propagation of the maximized state from the
layout rules to the internal representation of a window. Without this
patch this state could be toggled by clicking on the maximizer button
only.
The decorator's detection of the hovered window element was inaccurate,
which resulted in "jumping" windows in some situations, ultimately
caused by a combination of three different mechanisms.
First, when moving the pointer into the area of a window, the decorator
would detect the hovering of the left border whenever the distance of
the pointer from the border was less than the half of the theme texture
(e.g., 64x64 pixels for the default theme). However, if the left border
margin is set to a small value (e.g., 1), there is an overlap of the
sensitive resize border area and the content. Hence, chances were quite
high that - when moving the pointer from the left into the window - the
hover report would contain the hovering of the left border.
Second, the window manager tries to hide pointer movements from the
decorator if possible. It informs the decorator of the pointer position
if any decoration is hovered or if a new window is hovered. But it does
not expose pointer movements within a window to the decorator. For this
reason, the decorator would not update the hover report as long as the
pointer stays within a once hovered window. In the situation described
above, the hover report would still contain the stale information about
the hovering of the left resize border.
Third, when the user clicks on the window, the decorator examines the
most recent hover report and - in the situation described above - finds
the left border hovered. Consequently, it initiates a window-drag
operation. While resizing the window with the left border, the window
layouter pins the right border of the window to its current position.
All window-size changes of the client will be applied towards the left
(dragged) border. In the case of the top view, which continuously
resizes the window by itself, the window would "jump". In reality, it
actually tries to respond an interactive resize operation. The window
layouter cannot guess that the client is not responding to window
layouter's resize request but is acting independently.
This patch fixes the jumping window problem for the case where the
pointer hovers the overlapping area of the resize border and the
content. However, when trying the to interactively resize the top window
via the bottom-left corner, the "jumping" can still be observed.
Fixes#3303
By decoupling the leitzentrale from the (contended) boot CPU, the fading
on F12 interferes much less with animations like nano3d deployed in the
runtime.
Fixes#3268
In the past, the core-only privileged syscall `update_pd` was used only
to invalidate the TLB after removal of page-table entries.
By now, the whole TLB at least for one protection domain got invalidated,
but in preparation for optimization and upcomingARM v8 support,
it is necessary to deliver the virtual memory region that needs to get
invalidated. Moreover, the name of the call shall represent explicitely
that it is used to invalidate the TLB.
Ref #3405
There are still nightly tests like test-tcp_bulk_lxip on sel4 x86_64 qemu
that manage to hit the test timeout of the run script although the test was
successful. So, raise the extra time added by the run script to 30 seconds.
Ref #3411
Some platforms (sel4 imx6/imx7) cannot manage to execute all tests in a single
boot. Thus, we re-boot them periodically after a given maximum number of tests
to avoid that arbitrary tests always fail due to the long uptime and not due to
the tests themselves.
If the maximum number of tests is set to 0, no limit is applied.
Fixes#3411
If a path element cannot be watched because it does not exist yet, the next
available parent directory is watched to detect the creation of the missing
path element. If a missing path element got created just between the failed
watch request for the element and the successful watch request for its parent
directory, the creation of the path element could remain unnoticed.
With this commit, 'fs_rom' tries to watch a path element again if the watch
request for its parent directory was successful.
Fixes#3398
The lazy-timer test depends on the faster-timer handler to be executed
before the fast timeout occurs, which was pretty hard to achieve on Qemu
and a busy host machine. Therefore, I increased the fast-to-faster
timeout ratio from 50/25 ms to 200/25 ms and set the test runtime to
4000 ms.
Move the _vfs_sync implementation from vfs_plugin.h to vfs_plugin.cc and
wrap all VFS access in the VFS_THREAD_SAFE macro.
Syncing must be made thread safe because it often happens when closing
files and may require suspending the current thread for I/O signal
dispatching.
Ref #3409
- use priorities solely with nova
- handle exceptions during vCPU creation
- avoid assertion in vga_vbda
- silence compiler warnings about outdated register keyword
Issue #3111
The terminal now got a configurable palette for 16 colors (8 normal, 8
bright/bold).
<config>
<palette>
<color index="0" value="#000000"/> <!-- black is real black -->
<color index="8" value="#101010"/> <!-- bright black stands out a bit -->
</palette>
</config>
Note, the old (undocumented) <color index="..." bg="..."> configuration
scheme is no longer supported.
Also, this commit adds a pleasing default palette that ensures
readability of ViM's standard hightlighting.
Fixes#3406
Instead of hosting our outdated own fork, this commit now uses kernkonzept's
nowadays available github source repositories. This hopefully simplifies
updates, or cherry-picking single fixes.
* isatty
For the moment it is not possible to determine if the fd belongs to a
tty. For whatever reasons, the check is done multiple times, e.g.
'tclsh', which will spam the LOG.
* sysctl(HW_FLOATINGPT)
FPU is enabled on all our platforms, so return true.
Fixes#3389.
Start and stop the DHCP state machine as the Nic link-state changes.
Invoke the link state handler during configuration rather than assume
that in the case of a downed link lwIP will defer DHCP until the link
comes up.
Additionally, support static DNS configuration via the "nameserver"
configuration attribute.
Fix#3388
It might happen, in CPU intensive tests (like TCP bulk lxip), or when
printing debugging output after a failed test (as done currently on
staging), that the run script on the host gives up and reboots the
platform too early. Thus, we raise the buffer time. A reboot should
be necessary only in rare cases anyway.
Fixes#3387
On muen, we don't have configured access to wifi so far. Thus, the wifi
driver doesn't come up and we should skip tests using this driver for
the platform.
Fix#3384
On x86 the CPU count is determined through ACPI's MADT by counting the
local APICs reported there. Some platforms report more APICs
than there are actual CPUs. These might be physically disabled CPUs.
Therefore, a check if the LAPIC is actually physically enabled in
hardware fixes this issue.
Thanks to Alex Boettcher
fixes#3376
Fix initial stack pointer alignment for x86_64 in crt0.s startup code of
bootstrap. SysV ABI states that upon function entry (rsp + 8) % 16 = 0.
There, we have to align the stack to 16 bytes before all 'call'
instruction not 8. Otherwise FPU (GP) exception might be raised later on
because of unaligned FPU accesses.
issue #3365
Since gcc 8.3.0 generates SSE instructions into kernel code, the
kernel itself may raise FPU exceptions and/or corrupt user level FPU
contexts thereby. Both things are not feasible, and therefore, lazy FPU
switching becomes a no go for base-hw because we cannot avoid FPU
instructions because of the entanglement of base-hw, base, and the tool
chain (libgcc_eh.a).
issue #3365
This removes implementations of and also references to anonymous new and
delete operators from the libc implementation. As allocators for
new/delete Libc::Allocator instances are used, which (paradoxically) map
to libc malloc/free.
Also disable TS (task switch) flag in cr0 during kernel initialization,
so FPU faults are not raised. This became necessary since GCC lately
aggressively generates FPU instructions at arbitrary places and also at
early kernel-bootstrapping stages.
fixes#3365
GCC version 7 and above generate calls to __divmoddi for 64bit integer
division on 32-bit. Unfortunately, libgcc liberaries of older compilers
lack this symbol and are still in use by Debian/Ubuntu LTS at least.
* added global offset table relative loading for global symbols
* removed 'initial_sp' and 'initial_x0' because they are currently not
used on this platform. If required they are easy to resurrect.
issue #3260
The libc features support for SOCK_CLOEXEC now which gets set via
the type argument in 'libnl'. Since we are only interested in the
actual type, i.e. if it is SOCK_RAW, just ignore the flags.
Issue #3289.
* Adjust expected pow(-1/1, inf/-inf/nan) output to current libm
behavior (as in FreeBSD, glibc, and OpenLibm) and return 1 on
x86_64/x86_32/arm
* Add 'double float' outputs for ARM which are defined to float
issue #3289
This prevents
error copying "bin/libm.lib.so": no such file or directory
error copying "bin/posix.lib.so": no such file or directory
when running "make run/noux" from an empty build directory.
On some platforms (foc+pbxa9, hw+imx53_qsb_tz, hw+rpi) the default buffer size
is to much for the RAM available on the board. Thus, decrease the buffer size
and therefore the number of polls for these platforms only.
Fixes#3354
Replace the FreeBSD libm with OpenLibm, which is easier to port.
OpenLibm is used by Mirage's freestanding Ocaml runtime (sin POSIX).
https://openlibm.org/
Ref #3289
Moreover, express current requirement to hw API, which was missing until now.
Originally, in the board-specific build directory of imx53_qsb the
"KERNEL" variable was preset with "hw". Therefore, it was not perceived
that this dependency is required.
Ref #3316
This reverts commit 918b9a9fa4.
The Muen debug console buffer was increased by the recent update, which
alleviates the issue with many log messages as in the ieee754 test.
Components like kernel, core, and bootstrap that are built for a
specific board need to reside inside the same architectural dependent
build directory. For instance there are sel4, foc, and hw kernel builds
for imx6q_sabrelite and imx7d_sabre, which have to reside inside the same
arm_v7 build directory.
This commit names those components explicitely, and adapts the run-tool to it.
Fix#3316
When enabling the 'keep_going' config attribute, the component will
carry on in case a child exited with an error. In addition, if the
'restart' attribute is set it will start executing the children from
the beginning.
Previously, only Invalid_dataspace, Region_conflict, and Out_of_ram were
handled for both allocate and attach with the same handlers. However,
both operations can also throw Out_of_caps and for all exceptions during
attach, the dataspace must be freed again whereas this is not the case
when the exception occured during allocate.
Issue #2953
either
- due to poor signal performance of base platform
- due to being to less prioritized
- due to schedule overload
- due to using time sources of different physical CPUs
Issue #3111
Instead of retieving the information about the underlying platform from
the configuration, check the running kernel from the platform_info. This
commit removes the undocumented "acpi" config attribute.
- kernel: propagate cr0 to VMM on exit in nested paging case
- kernel: disable forceful VM exit on task switch
- vm_session: adjust to kernel changes
Issue #3111
* Make package buildable for ARM too
* Move usb library to src targets for explicitly named targets
* adapt remaining run-scripts to use the correctly named usb drivers
Ref #2190
* Make target binaries independent of board SPECS
* Name binaries of one architecture unambigously
* Extend include path to match board specifics
* Adapt run-scripts to use the right binary
Ref #2190
Ref #3180
When there are too many PCI devices, the Expanding_reporter regenerates
the report. However, this doesn't reset the BDF counter used to iterate
over the devices. This results in starting the new report after the PCI
device that triggered the report buffer overflow. This commit fixes the
issue by putting the BDF counter initialization inside the lambda
function used to generate the report.
Fixes#3317
This patch fixes the corner case where an animated geometry changes its
destination mid-way while an animation is already in progress. The
'_trigger_animated_geometry' method used to back out early in this case,
which was intended as an optimization.
Fixes#3296
To enable the use of uncached DMA buffers as RX and TX communication
buffers in between driver (service) and client, introduce a cache
attribute in the constructor of Nic::Session_component
Ref #3291
With the new fact that plain time values are always 64 bit unsigned, the
timestamp type is never bigger than the plain time type. Therefore, a code path
in the curr_time interpolation that treated this condition is not neccessary
anymore.
Ref #3208
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.
Fixes#3208
- Added 'io_buffer' attribute, default is 4M
- Added 'batch' attribute, specifying the number of jobs used
in parallel, default is 1 (sequential)
- Removed 'synchronous' attribute (use batch of 1 instead)
- Added 'copy' attribute (default "yes")
- Print number of signals ("triggered")
Issue #3283
This patch equips the 'Block::Connection' with a framework API for the
implementation of robust block-session clients that perform block I/O in
an asynchronous fashion.
An application-defined 'JOB' type, inherited from 'Connection::Job',
encapsulates the application's context information associated with a
block operation.
The lifecycle of the jobs is implemented by the 'Connection' and driven
by the application's invokation of 'Connection::update_jobs'. The
'update_jobs' mechanism takes three hook functions as arguments, which
implement the applications-defined policy for producing and consuming
data, and for the completion of jobs.
Issue #3283
As a preparatory step for introducing the new block-client API, we have
to turn the 'Block::Connection' into a class template. The template
argument will be used to tie an application-defined job type to the
block connection.
Issue #3283
Instead of using `cps` instruction, use an exception return
instruction to switch from `hyp` mode to `svc` mode.
Otherwise it causes unpredicted behaviour on ARM.
Fix#3284
This patch adds support for manually triggering the wakeup of the packet
sink by the source. This way, a packet source becomes able to marshal
batches of submissions or unmarshal batches of acknowledgements before
yielding the control over to the sink.
Issue #3283
Issue #3111
remove_range may deny to the job on memory pressure or insane ranges,
which ends up in an endless loop when the Avl allocator is in destruction.
Since the Avl gets destructed, solely the memory free up is of importance,
not the correct range adjustments during remove_range.
Track the dataspaces used by attach and add handling of flushing VM space
when dataspace gets destroyed (not triggered via the vm_session interface).
Issue #3111
Handles corner case when addr + size becomes exactly 0. Before the commit
the function returned that sum is not part of the range, which is wrong.
Issue #3111
This patch removes the blocking Block::Session::sync RPC function and
adds the asynchronous operations SYNC and TRIM to the block session's
packet-stream interface.
Even though the patch adjusts all block components to the interface
change, the components keep the former blocking handling of sync
internally for now because of the design of the 'Block::Driver'
interface. This old interface is not worth changing. We should instead
migrate the block servers step by step to the new
'Block::Request_stream' API.
Fixes#3274
The new request tag allows a block-session client to uniquely correlate
acknowledgements with outstanding requests. Until now, this was possible
for read and write operations by taking the value of the request's
packet-stream offset. However, SYNC and TRIM requests do not carry any
packet-stream payload and thereby lack meaningful offset values. By
introducing the notion of a 'tag', we can support multiple outstanding
requests of any type and don't need to overload the meaning of the
'offset' value.
Issue #3274
This patch splits the 'Request' definition into smaller types that are
suitable for the client-side API too.
The new 'Operation' type comprises the block operation's type (opcode)
and the operation's arguments (block number, block count).
The former 'Request::operation_defined' is now 'Operation::valid'.
The 'Request' aggregates an 'Operation', which changes its object
layout.
Note that this commit relaxes the bit-precise definition of 'Request' to
facilitate the use of 'unsigned long' where appropriate, in particular
for the request tag (which should correspond to an 'Id_space::Id'). The
originally bit-precise definition was pursued to allow the sharing of
the 'Request' type between SPARK and C++ code. However, it turns out
that defining a native type in each language and a (set of) converting
constructors is a more natural approach.
Issue #3283
When receiving a terminal signal, the uart device model has to
take all characters out of the stream. Otherwise, characters
might never arrive at the VM. This was not recognized before,
because it was used with a quite slow UART only, which obviously
never achieved to send more characters at once.
Ref #3278
A small terminal-client tool, which expects a specific line(-start),
and then sends a specified line to the other side. Optionally,
it prints all received lines to its LOG service.
Ref #3278
- sorting of initializer by Christian Prochaska - issue #3253
- leak of FPU register state reported by Julian Stecklina - thanks !
- fix page table synchronization bug - by Julian Stecklina
- add a second dynamic buddy if the memory requirements could not be fulfilled
by the first dynamic buddy
- disable vtlb peek if EPT/NPT is enabled
This patch renames 'wakeup_client' to 'wakeup_client_if_needed' to
clarify that the method triggers signals only when needed, not on every
call.
The name 'wakeup_client' is prone to misguide users to call the function
conditionally as an optimization, thereby complicating the code, but to
no effect.
Fixes#3279
This patch replaces the formerly fixed 2 KiB data alignment within the
packet-stream buffer by a server-defined alignment. This has two
benefits.
First, when using block servers that provide small block sizes like 512
bytes, we avoid fragmenting the packet-stream buffer, which occurs when
aligning 512-byte requests at 2 KiB boundaries. This reduces meta data
costs for the packet-stream allocator and also allows fitting more
requests into the buffer.
Second, block drivers with alignment constraints dictated by the
hardware can now pass those constraints to the client, thereby easing
the use of zero-copy DMA directly into the packet stream.
The alignment is determined by the Block::Session_client at construction
time and applied by the Block::Session_client::alloc_packet method.
Block-session clients should always use this method, not the 'alloc_packet'
method of the packet stream (tx source) directly. The latter merely
applies a default alignment of 2 KiB.
At the server side, the alignment is automatically checked by
block/component.h (old API) and block/request_stream.h (new API).
Issue #3274
This patch modernizes the 'Block::Session::info' interface. Instead of
using out parameters, the 'init' RPC function returns a compound 'Info'
object now. The rather complicated 'Operations' struct is replaced by
a 'writeable' attribute in the 'Info' object.
Fixes#3275
Triggering of an invalidated signal seems to be no real exception,
but something that occurs regularily. Therefore, the kernel warning
is of no use to developers anymore.
Ref #3277
As far as possible remove usage of warning/error/log in the kernel,
otherwise the kernel context might try to take a lock hold by a core
thread, which results in a syscall to block.
Fix#3277
This patch removes the reliance of the extract tool from the libc's
behavior regarding the access of time and timing.
The extract tool is not expected to need time. However, unfortunately,
libarchive calls the 'time' function unconditionally. By adding a
dummy for 'time', we avoid bothering the libc, which would otherwise
need to obtain a time source.
Issue #3204
In the original version, I used 'number_of_bits' because Ada's 'Size
returns the size in bits, not bytes. But the values (for objects) are
always a multiple of 8. On the C++ side, performing size checks at the
granularity of bits is just awkward. The term 'object size' is more
natural.
* necessary for enabling the kernel debugging facilities on base-foc
(outstring, fiasco_tbuf_log_3val and friends)
* disabled by default
related to issue #3260
By adding a wildcard at the beginning of (expected) error messages, the
test.run tool becomes able to match the lines (ignoring the characters
of the color escape sequence).
The 'aes_cbc_4k' library is simple wrapper around libsparkcrypto to
serve as a backend for storage encryption. It operates on data chunks of
4 KiB and uses AES-CBC while incorporating the block number and the
private key as salt values.
Discovered while creating an ext2 file system on an sd_card (no
partitions, imx6), which failed with an error message that stated the
device is in use. Genode's libc/posix layer has no notion of mount
points.
Fixes#3271
Disconnecting a client and connecting an other to the sd_card_drv
on imx6 results in a "Completion host signal timed out" error in
the newly connected client.
Fixes#3272
The "nameserver" file cannot be opened through a VFS File_system client
if the plugin does not support opening the parent directory of
"/nameserver", which would be "/".
Ref #3269
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.
Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.
These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.
Fix#3257
Make sure that the rwlock is allocated before a lock operation is
performed. This case occurs if a static rwlock was create by using
PTHREAD_RWLOCK_INITIALIZER. Same goes for PTHREAD_CONDS_INITIALIZER.
Fixes#3262.
Since QEMU might put the audio device at 00:03.0, also check if the
vendor is Intel. Hopefully we do not render HDA on real machines
useless with this changes (so far I have not encountered one).
Fixes#3263.
For better or worse we have no proper way of handling this right now
but contrib libraries, e.g. glib, use it to determine if they can use
the underlying fd.
Fxies #3265.
Issue #3111
- enable vt-x in kernel configuration
Kernel patches:
- add unrestricted guest support
- avoid kernel boot failure when vt-x is not available
- avoid nullpointer in kernel when vcpu is not fully setup
- avoid vcpu scheduling bug which causes starvation on same/below prio level
- save efer register correctly from guest
The '_currently_constructed' pointer caches the information about which
'Launched_child' is currently configured in the menu. When discarding
the runtime (e.g., when un-using a file system) at this point, this
cached pointer was not invalidated while all 'Launched_child' objects
would be freed (including the currently constructed one). On the next
attempt to construct a new child, the sculpt manager attempted to
destruct the 'Launched_child' referred by the (now outdated)
'_currently_constructed' again.
Fixes#3240
Until now, Genode referenced a fork of the outdated elfloader-tool
to enable bootstrapping of sel4 on ARM platforms. Because the
elfloader is inherently dependent on the used platforms newer
ARM versions supported by the kernel could not be loaded by the
outdated elfloader. This commit uses a fresh fork of the nowadays
used sel4_tools repository.
Ref #3251
This commit handles the corner case where a package could be installed
successfully but the package's runtime definition is inconsistent with
the content delivered by the package's dependencies, i.e., the <content>
of the runtime file lists ROM modules that do not exist.
With this patch, the '+' menu shows the message "installed but
incomplete" whenever a package is in such a state.
Issue #3241
