The minimal-footprint Ada runtime for implementing library-like
functionality in SPARK is now called "spark" runtime.
The full Ada runtime for entire components written in Ada and using the
libc as glue to the underlying system will move to the world repository
as "ada" runtime.
Issue #3144
Also added a report_rom for USB devices and let the driver report like
in a real scenario. Can also be used for debugging by setting
verbose="yes" in report_rom.
And most importantly: use the same size everywhere.
Note, this commit also configures the stack size of noux-process threads
to 64 KiB independently of the CPU architecture. The reason is the
increased stack usage because of the additional argument space in
Execve_child_env in syscall(SYSCALL_EXECVE), which crafts a child
environment on stack for the creation of the new child.
Fixes#3145.
As we don't execute the acpi_drv on Muen, we have to supply a static
'acpi' info as boot module. This is normally done by the
base/run/platform.inc include. However, when using base-hw-muen kernel
from a depot archive - as done by modern run scripts like
depot_download.run - the platform.inc magic is not applied.
This patch enhances the src archive of base-hw-muen with a mechanism
that creates a pre-defined acpi info at the bin directory via an
artificial src/acpi/target.mk file. This way, the static acpi ROM ends
up as boot module when importing the base-hw-muen archive into a
run script.
* Increase the CMD length to accomodate the limit of the wpa_supplicant
* Fix case where multiple SSIDs with 32 bytes are used
* Use Expanding_reporter for accesspoints report
Fixes#3139.
The 'run_genode_until' procedure only called 'run_power_on' to reset
the target machine. That works will with the softreset module, which
is used by all x86-based test system but falls short regarding ARM
boards. The way those boards are connected requires turning the power
off and on for a complete cycle.
On a Lenovo ThinkCentre M57p, the system locks up when the UHCI controller
BIOS handoff (disabling bit 4 in the LEGSUP register) for the controller
with PCI BDF 00:1d:2 is attempted before the handoff for the controller
with BDF 00:1a:0.
Fixes#3138
This patch replaces the former prominent use of pointers by references
wherever feasible. This has the following benefits:
* The contract between caller and callee becomes more obvious. When
passing a reference, the contract says that the argument cannot be
a null pointer. The caller is responsible to ensure that. Therefore,
the use of reference eliminates the need to add defensive null-pointer
checks at the callee site, which sometimes merely exist to be on the
safe side. The bottom line is that the code becomes easier to follow.
* Reference members must be initialized via an object initializer,
which promotes a programming style that avoids intermediate object-
construction states. Within core, there are still a few pointers
as member variables left though. E.g., caused by the late association
of 'Platform_thread' objects with their 'Platform_pd' objects.
* If no pointers are present as member variables, we don't need to
manually provide declarations of a private copy constructor and
an assignment operator to avoid -Weffc++ errors "class ... has
pointer data members [-Werror=effc++]".
This patch also changes a few system bindings on NOVA and Fiasco.OC,
e.g., the return value of the global 'cap_map' accessor has become a
reference. Hence, the patch touches a few places outside of core.
Fixes#3135
The new method allows for the construction of a meta-data object inside
the reserved space of the allocator's meta data. It thereby alleviates
the need to copy the meta data object (via the assignment operator) as
done by the traditional 'metadata' setter method. This, in turn, allows
one to use non-copyable objects (like objects with constant member
variables) as meta data.
This patch moves the removal of the signal context from the
'_platform_finish_dissolve' to the '_platform_begin_dissolve'
method. This is needed because the removal involves taking
the signal-registry lock. The latter must adhere the same
locking order as the code path used for signal delivery.
Fixes#3109
Move the allocation of the session packet buffer into a subclass that is
constructed before the File_system RPC object. This allows the buffer
allocation to be wrapped in a constructor/destructor class and clearly
accounted for.
Fix#3134
The situation where a 'Session_policy' is constructed for a label with
no matching policy is in almost all cases a configuration problem.
A diagnostic message eases pin-pointing such mistaks. By adding the
message to the 'Session_policy', servers don't need to manually handle
the exception to provide diagnostic information. This simplifies the
server code in many components.
In less interactive mode, the run script doesn't give up on missing test
archives but instead removes the corresponding tests and marks them "missing".
This mode avoids total failure of a platform in automated test infrastructures
when only a few archives are missing.
Fixes#3120
The former 'Genode::Timed_semaphore' mechanism is moved to the private
part of the two remaining users, namely dde_rump and the libc. Note
there are now two private copies of 'timed_semaphore.h'. This should be
regarded as an interim step until the use of this mechanism is removed
from both users.
This patch also cleans up the mechanism from legacy Genode API calls and
global side effects (alarm-thread singleton). The test/timed_semaphore
is now located at the libports repository as it now tests a mechanism of
the libc. The former timed_semaphore library is no more.
Fixes#3121
Store all files generated by moc and rcc in the application's build
directory to prevent the use of unfinished generated files for other
applications built at the same time.
Issue #3115
It can happen that a keyboard gets plugged in and 'led_connect()' is
called while the keyboard LED of another keyboard is just being updated
(and the registry is locked).
Fixes#3118
After a certain number of tests, presumably some resource in core is exceeded
and loading the successive test fails. This quickfix looks out for the
characteristic Core error and then reboots to avoid that all successive tests
are marked as failed.
Since the timer and timeout handling is part of the base library (the
dynamic linker), it belongs to the base repository.
Besides moving the timer and its related infrastructure (alarm, timeout
libs, tests) to the base repository, this patch also moves the timer
from the 'drivers' subdirectory directly to 'src' and disamibuates the
timer's build locations for the various kernels. Otherwise the different
timer implementations could interfere with each other when using one
build directory with multiple kernels.
Note that this patch changes the include paths for the former os/timer,
os/alarm.h, os/duration.h, and os/timed_semaphore.h to base/.
Issue #3101
This patch improves the appearance of the leitzentrale by eliminating
the (hardly visible) decorations from the GUI and graph views, and by
animating the motion of the graph position. The latter is meant to
remove the stuttering effect when the graph's size changes (and
re-centered).
This patch improves the consistency of the hover handling after
finishing a drag operation. Normally, the window manager hides pointer
updates while the user is performing a drag operation with the mouse
from the decorator. However, in the special case where a drag operation
results in a window-layout change, the decorator's hover model may be
affected. Hence, the window manager must supply the current pointer
position when leaving the drag state.
Issue #3097
This patch supplements the dragging state of window controls to the
window layout so that decorators become able to visually reflect this
state, i.e., pressing the title bar while moving a window.
Issue #3097
This commit adds the optional 'motion=<number>' attribute to the
decorator's <policy> nodes. The default value is 0. If a value higher
than 0 is specified, window-geometry changes are applied as an animation
where the <number> denotes the number of animation steps.
Issue #3096
This patch adds the boolean policy attribute "decoration", which
controls whether window decorations are presented or not. It is enabled
by default. By setting the attribute to "no", matching windows appear
without any border, which is desireable for Sculpt's component graph.
Issue #3096
Don't just clamp the speed value to a positive number but immediately
assign the destination value. This is needed in situations where the
number of steps is too low for proper acceleration and deceleration.
Issue #3096
This patch improves the window decorators in the following respects:
* Strict warnings are enabled now.
* The use of the 'List_model' makes the application of window-
layout changes more robust. This is particularly the case for
the restacking of windows.
* Display-mode changes are now supported by both decorators.
Issue #3094
The new 'apply_first' method enables users of the list model to manually
traverse the list model via the 'Element::next' method instead of
iterating via 'for_each'. This is needed in situations where the
list-model elements are visited via recursion, not via a loop.
Issue #3094
Until now, decorators used to rely only on the TO_FRONT command for
propagating the window stacking to nitpicker. However, as the additional
use of the TO_BACK command allows for a more robust procedure, this
patch enhances the wm to handle both view stacking commands.
Issue #3094
This commit solves several issues:
* correct calculation of overlap region when detaching regions
in managed dataspaces
* prevent unmap of Fiasco.OC's core log buffer
* calculate the core-local address of regions in managed dataspaces
if possible at all and use it to unmap on kernels where this is
needed
Fix#976Fix#3082
Adds an config attribute to the Depot Autopilot component:
:<config repeat>:
Can be one of
"false" - process the given test list only once,
"until_forever" - endlessly repeat processing the given test list,
"until_failed" - repeat processing the given test list until it fails.
Adds an environment variable to the Depot Autopilot Run script:
:TEST_REPEAT:
Same as the <config repeat> attribute of the Depot Autopilot.
This is useful when having to debug very sporadic errors during one test
or a series of tests.
Init's state reports are updated whenever an interesting part of init's
internal state changes (e.g., when sessions are established, or when
children are started/removed). However, until now, a change of a skipped
heartbeat counter was not taken as trigger for state-report updates.
In scenarios where no other intersting event happened, the last reported
state did no reflect the current heartbeat state. In particular, when
the last report was issued during the construction of a new child just
before the child became able to respond to heartbeat requests, the stale
report hinted at heartbeat problems that were just an initialization
artifact. This problem became visible on some Qemu platform where the
child startup takes a long time.
The patch tracks the observed skipped-heartbeat counter and triggers a
report whenever the counter value changes.
Issue #3079
By adding an additional synchronization point in the form of a matched
log message, this patch makes the timing behavior of the "test changing
provided services" step more deterministic. Without it, the scheduling
of OKL4 and base-hw resulted in a merge of two config updates into one.
Issue #3079
This can happen, for example, during 'dlopen' if unresolved symbols are
present.
* Unload already loaded shared libraries
* Delete dependencies
* Flush initializer list (ctors)
fixes#3073
Packets whose data is stored within the Packet_descriptor itself
but not as payload, .e.g Usb::Packet_descriptor, are valid packets
after all. So loosen the packet valid check for zero-sized packets
is reasonable.
Fixes#3076.
'SANITIZE_UNDEFINED = yes' in 'target.mk' adds the '-fsanitize=undefined'
compiler flag and links the program with libubsan and libsanitizer_common.
Issue #3072
This ensures that the depot_autopilot.run script, when exiting, always prints
a result overview of the so far available test results, except the Depot
Autopilot component has managed to print the result overview up to this point.
Unequal numbers of double quotes let the XML parser of init fail,
therefore replace all double quotes when transfering previous
results after a reboot.
Ref #3027
Our overall nightly test time greatly decreases when the timeouts for
the single tests are not that over-pessimistic. Using the slowest
platforms as reference, this commit reduces the test timeouts.
Ref #3027
Call 'tcp_output' if application data has been successfully queued. This
sends data immediately that may otherwise remain queued until the next
periodic TCP timer event.
This reverts a change made in 3e31e2ba53.
Fix#3067
The number of tests to run is the number of test package-archives minus the
the those that are skipped for the given platform. The number is printed
directly after checking if the given platform is supported by the run script.
It helps the surrounding test infrastructure to ensure that, for instance, a
result graph always reflects the same total number of tests, even though there
is a sporadic problem with booting the platform.
This commit addresses several multiprocessing issues in base-hw:
* it reworks cross-cpu maintainance work for TLB invalidation by
introducing a generic Inter_processor_work and removes the so
called Cpu_domain_update
* thereby it solves the cross-cpu thread destruction, when the
corresponding thread is active on another cpu (fix#3043)
* it adds the missing TLB shootdown for x86 (fix#3042)
* on ARM it removes the TLB shootdown via IPIs, because this
is not needed on the multiprocessing ARM platforms we support
* it enables the per-cpu initialization of the kernel's cpu
objects, which means those object initialization is executed
by the proper cpu
* it rollbacks prior decision to make multiprocessing an aspect,
but puts back certain 'smp' mechanisms (like cross-cpu lock)
into the generic code base for simplicity reasons
The Linux emulation library provides preprocessor macros for min() and
max(), which now clash with implementation in duration.h. So, we disable
those macros in the delay implementation.
FreeBSD implements 'clock' with an accuracy of 128 ticks-per-second for
compatibility reasons, Linux uses 1000000 per-second. Remove 'clock' and
print an error because it is unlikely that this is the resolution
expected by the application.
Fix#3057
For reading the MAC address we try first to read it from the <policy> tag, and
when it is not defined in the <policy> tag, we allocate a MAC. But there was
no handling of the case that there is no appropriate <policy> tag. In this
case we want to create the session with an allocated MAC also.
Due to the changing environment this test is executed (like depot_autopilot)
the binary test-rm_fault used to check ROM dataspace's read-only property
does not suit anymore. This commit changes the binary to ld.lib.so that is
normally still provided as a ROM dataspace.
Ref #3027
The test for python requires x86 to be built. Therefore, there is no test
binary available when trying to execute that test on ARM with depot_autopilot.
This patch constraints the window size of the generated layout to the
minimum of the client's real window size and the wanted window size
(both may differ when resizing or maximizing windows).
This patch improves the handing of new appearing windows for which only
a wildcard assignment - but no exact assignment - rule exists. In the
prior version, an interactively raised window would stay in front of
such a window, which is unintuitive. The new version applies the
to-front mechanism to unknown new windows. For known new windows (with
an exact assignment rule) their original stacking position is preserved.
This patch solves an off-by-one problem in the window-size calculation,
which resulted in sporadic artificial resize requests. In Sculpt, this
glitch caused flickering artifacts in VirtualBox windows caused by
superfluous guest desktop-resize handling.
Furthermore, the patch introduces the dropping of resize requests with
unchanged content.
The commented-out <start> nodes are prone to become inconsistent with
the launchers. Hence, this patch removes them. Start nodes should better
be added by the '+' menu, at least initially.
Furthermore, the patch directs requests for the vfs.lib.so ROM to core's
ROM service to reduce the impact of low-level ABI changes (i.e., the
packet-stream layout) on existing vfs/libc-based packages.
This patch makes init robust against invalid routing rules that lack a
name attribute in the '<service>' node. This situation may occur when
interactively editing routes in Sculpt.
Return a value in the same width as provided by the caller of sysctl for
PHYSMEM and USERMEM. This is to ensure that if a caller provides a
64-bit integer, a 64-bit value will be returned for 32-bit machines.
issue #3060
Some application code is dereferencing the pointer returned by
'packet_content' at packet streams without checking that it is valid.
Throw an exception rather than return a null pointer, except for
zero-length packets, which have somewhat implicit invalid content and
that we believe to be properly handled in all current cases.
The client-side of a packet stream cannot take corrective action if the
server-side is sending packets with invalid content, but the servers
that provide packet streams should catch this exception to detect
misbehaving clients.
Ref #3059
This enables Qt5 applications to set a Genode label via 'setWindowTitle'
from within Qt5 applications, and thus, making them identifiable to
other Genode components, like a layout manager.
fixes#3046
The recall file system is a place where components can remember state.
E.g., to allow the window layouter to recall the window layout of the
previous session.
In a corner case, the toggling of the popup menu entered a state
where the menu could not be opened anymore by the user. Specifically
the following input sequence triggered this problem.
1. The user opens the menu
2. The user clicks on the menu and holds the button
3. While holding the button, the user moves the pointer to the
outside of the popup (e.g., to the '+' button)
4. The user releases the button.
In this situation, the popup is closed but the hover information for the
popup contains still the original clicked-on item. Hence, all subsequent
clicks on the '+' appear as both a click on the '+' (opening the popup)
and a click on the "hovered" popup entry (closing the popup).
The patch explicitely clears the popup's hover information when closing
the popup.
Change the root of a session request into an explicit path and apply the
label-to-path conversion using the "path_prefix" policy attribute. This
is in addition to only applying a root change with a "path" attribute.
Ref #3031Fix#3056
The bulk buffer is now 64Byte-aligned so that the allocated
packets get aligned likewise (assumed the packet allocator uses an
appropriately aligned block size). This ensures that each packet
starts at a new cache line on common platforms.
Issue #3053
Move the libc-i386, libc-amd64, and libc-arm include directories into
the standard "include/spec" directory. This allows the platform specific
headers in the libc API package to be detected in a generic manner.
Ref #3051
The pthread API is considered a standard feature of libc so better to
simply merge it with the libc. Pthreads are in fact already a part of
the libc in the form of weak symbols. This merger is also a prerequisite
for better integrating pthreads with the libc I/O task.
Fix#3054
Print a line like "succeeded: 35 failed: 11 skipped: 2" below the list of test
results. Adds further attributes to <previous-results> to communicate also the
previous statistics.
This commit moves the window layouter and window decorator into
dedicated packages that can now be combined with the "wm" server at
runtime and restarted/reconfigured/swapped-out independently.
To use the window manager, one must start the 'wm', 'window_layouter',
and one of the 'motif_decorator' or 'themed_decorator' subsystems.
Fixes#3024
When doing the libc_getenv test on autopilot+foc+x86 and one of the
subsequent tests crashes the system so it gets rebooted by the run
script, the system doesn't come up again. It gets stuck after core
initialization.
Issue #3027
The PDF viewer can crash under a number of conditions due to changes to
the internal framebuffer model that were made to support mouse wheel
panning. These changes are reverted until the model can be reimplemented
to explicitly support page panning.
Fix#3021
This patch improves the detection of new appearing top-most windows.
Such a window should prompt the decorator to bring the corresponding
nitpicker view(s) to the front of the view stack. The original
implementation relied on hints provided by the layouter (the 'topped'
attribute). With the patch, the decorator tracks the top-most window by
itself, which improves the robustness.
As a second improvement, the patch defers the destruction of windows to
the point when all other window operations are completed. This hides
intermediate states when replacing one window by another in one step,
which is typical for console-like scenarios. Hence, this patch should
eliminate flickering artifacts when switching from one virtual console
to another.
Issue #3031
This commit replaces the former floating_window_layouter with a new
window_layouter component that supports the subdivision of screen space
into columns and rows, the concept of layers, and the principle ability
to store window layout information across reboots. The latter is
accomplished by reflecting the component's internal state as a 'rules'
report to the outside.
Fixes#3031
* In base-foc/recipes/src/ replace base-foc with base-foc-pc
* To base-foc/recipes/src add base-foc-arndale, base-foc-pbxa9
* Ensure that the correct base-foc recipe is choosen by the run module
'boot_dir/foc'
* To base-hw/recipes/src add base-hw-arndale, base-hw-imx53_qsb,
base-hw-imx53_qsb_tz, base-hw-odroid_xu, base-hw-panda, base-hw-rpi,
base-hw-wand_quad
* Ensure that the correct base-hw recipe is choosen by the run module
'boot_dir/hw'
This patch fixes the following build problem that occurs on recent
GNU/Linux systems:
/usr/include/x86_64-linux-gnu/sys/cdefs.h:307:0: error: "__always_inline" redefined
...
/usr/include/linux/stddef.h:5:0: note: this is the location of the previous definition
The code in 'cdefs.h' does not check if the '__always_inline' is already
defined. The patch works around the problem by including the 'sys/cdefs.h'
first.
For being able to build the tests via source archives, the 'base'
library must be denoted as dependency explicitely in their 'target.mk' file.
This is because when building archives, the API dependencies of used APIs are
not taken into account.
Use the Timer session duration for CLOCK_MONOTONIC and CLOCK_UPTIME.
Use the Genode::Duration object for passing internal time, it supports
sub-millisecond time and helps disambiguate units of time.
Fix#3018
Block and loop until application writes are sent or buffered in their
entirety. Do not call "tcp_output" directly, LwIP calls this procedure
internally and calling it again appears to disrupt the LwIP TCP state
machine.
Fix#3017
Move button-event reporting behind pointer-position update.
This is just a quickfix to restore correct pointer emulation with
dde_linux usb_drv. It does not change usb_hid_drv because the approach
is a questionable workaround of the current input event handling, which
reports events promptly on occurrence of inputs events and ignores
synchronization events completely. The original contrib code reported
the button press before absolute x and y positioning followed by a sync
event.
Issue #3019
This component allows access to Terminal sessions via interactive SSH
sessions. Please read _repos/gems/src/server/ssh_terminal/README_ for
more detailed information.
Fixes#3014.
This fixes the region-map component implementation in core, which uses a
'Genode::Weak_ptr<Genode::Region_map_component> _faulting_region_map'
member. This member is assigned a valid weak_ptr or an invalid weak_ptr
according to the state machine.
Fixes#3012
The new 'conditional' method simplifies the typical use case for
'Constructible' objects where the constructed/destructed state depends
on a configuration parameter. The method alleviates the need to
re-implement the logic again and again.
The patch also removes the 'Reconstructible' constructor arguments
because they are unused.
Fixes#3006
* Account all RAM/CAP quota of a session except quota for metadata used in
core. The latter is considered when asking if a session can afford to make
an operation but it does not get accounted to always be able to pay back all
quota when a session closes. The general accounting mechanism is moved from
atop of the allocators down to the level of RAM/RM session operations.
* report statistics about session objects and quota if <report stats="yes"
quota="yes"/> is configured. (default is yes if <report> is present)
Issue #2953
Like suggested by RFC 2663, reprogram the dissolve timeout of a TCP link
state to 2 times the maximum segment lifetime (by default 1 minute) when
receiving a matching packet with the FIN flag set, or with the ACK flag
set to acknowledge a FIN of the remote side.
Mark a link state as closed (no further reprogramming of the dissolve
timeout) and set the dissolve timeout to 2 times the maximum segment
lifetime when receiving a packet with the RESET flag set.
Issue #2953
If the NIC router has insufficient CAP or RAM quota for the creation of
a state object for an interface, it tries to destroy a certain amount of
existing state objects of this interface to free resources. Afterwards,
it retries handling the current packet once. If it does fail again, the
router drops the packet.
Issue #2953
Ensure that a '\0' always appears at the end of the ouput of the XML
generator. Previously, exceptions during the Node(...) constructor
might have prevented this. This commit also extends the xml_generator
test to drive a harder test on exceptions in the Xml_generator.
Issue #2953
When the functor provided to the Node constructor throws an exception,
do revert all changes in reverse order. Previously, the changes made
to the parent node were not considered by the exception handler which
caused unnecessary characters to remain in the out buffer for each
reverted node.
Issue #2953
Switch to kernel branch, that determines the available system memory during
boot time. The overall kernel memory is still static, but during boot time
dynamically the amount can be chosen. Following 3 config option exists:
CONFIG_MEMORY_BOOT is the amount of kernel memory allocated in the BSS
statically - effectively chosen during link time - see linker script.
CONFIG_MEMORY_DYN_MIN && CONFIG_MEMORY_DYN_PER_MILL configures the dynamic
part of the kernel memory allocation applied during early kernel boot time.
CONFIG_MEMORY_DYN_MIN is the amount of memory which should be allocated at
least. CONFIG_MEMORY_DYN_PER_MILL defines the amount of the system memory in
per mill which should be allocated at most. The overall maximum kernel memory
is restricted to ~1G (64bit), due to the chosen internal virtual memory layout.
Fixes#2985
On some machines, both the AHCI and NVMe drivers are started within the
[drivers -> dynamic] subsystem. This ultimately exhausted the RAM quota
of this subsystem.
Issue #2987
This patch introduces the distinction of the manually managed
config/deploy from the managed config/managed/deploy. The latter
incorporates interactive changes of the system by the user. There are
two user interactions supported.
First, by clicking on the '+' button at the top-left of the runtime
view, the user can select a component to launch. All launchers at
config/launcher/ are listed in the popup menu. Each launcher can be
lauched only once. While running, is not available in the popup
menu.
Second, when selecting a node that corresponds to a start node in
config/deploy or that was interactively launched, the detailed view
shows a 'remove' button, which can be used to exclude the component
from the deployment.
The result of the interactive manipulation is always available at
config/managed/deploy. Hence, the current situation can be made
persistent by using it as config/deploy.
Fixes#2986
The tasklet_schedule implementation was missing the unblock call, which
was no problem in the past because the correspending task would get un-
blocked by other work items. Now that every workqueue has its own task,
there is nobody left to unblock the task and thereby execute the
tasklet. As a tasklet is the only way to transmit any pending frames
after transmission was temporarily suspended - because the device/fw
was not able to process the TX request - this rendered 6xxx devices
unusable whenever this situation occurred.
Fixes#2973.
The Arora main thread sometimes blocks on a pthread condition variable,
which prevents Genode signal processing with the current implementation.
This is especially a problem when the thread who could unblock the main
thread calls 'Libc::suspend()'.
As a workaround until the pthread locking mechanisms get adapted to the
Genode libc execution model, the Arora main function can be called from
a dedicated thread.
Fixes#2978
Close the stdin, stdout, and stderr I/O channels at child exit. This
serves to flush buffers at the I/O resources which might not be written
otherwise.
Ref #2919
The VFS LwIP plugin is page-faulting on connect error because the LwIP
library frees a failed TCP protocol control block before calling the
error callback, and then the VFS plugin dereferences the PCB to free it
a second time. This problem was caused by a failure to follow
documentation during a transition from a C callback to a C++ method.
Fix#2972
1) The loop for determining the line length read from a character offset
before checking whether the offset is smaller than the given string
length. This could have caused access outside the string buffer.
2) The routine for determining the line length first seeked for the
offset of the last real character of the line and than added one for
getting the length but only if the following character was '\n'. This
has to be done for any other line-terminating character too. The only
case where you don't want to do this is when the end of the whole
string is reached.
Issue #2967
When 'notify_read_ready()' is called during 'select()' and fails,
suspending can cause a deadlock when the libc IO response handler becomes
active and calls 'select_notify()', which tries to acquire the
'select callback list lock', which is already acquired by the suspended
'select()' call.
It seems possible to ignore a failed 'notify_read_ready()' call instead of
suspending. When the VFS plugin calls the IO handler later when the
notification request can be processed, the 'select_notify()' call of the
libc IO response handler will eventually call 'notify_read_ready()' again.
Fixes#2970
Implement the passwd database subroutines with single-user database.
This database is populated with a <passwd/> sub-node of the libc
configuration node. All fields of the "passwd" struct may be specified
with reasonable defaults provided for a "root" user. This allows a
libc-based component to spoof user information for the sake of porting
existing Unix software.
A test is provided at run/libc_getpwent.
Fix#2919
GNU tar interprets the passed time value in local time by default, which
lead to unstable hashes again. So, now provide a complete date/time
value incl. time zone.
Related to #2842
The VFS server does not support file-system with one single-file plugin
providing the root. This is because the "leaf_path" is not universally
implemented to handle the path "/". This fix is simply to skip a
"leaf_path" check when opening the path "/".
Ref #2919
Rather than removing the source files during the port preration, which
breaks preparing the port anew, they are now removed while creating
the src archive.
Fixes#2959.
This patch unifies the handling of on-demand resource upgrades among
ram_fs and depot_rom, and applies the new pattern to the runtime view.
This way, runtime view becomes able to accommodate more complex
scenarios.
There is a bug in the LwIP VFS plugin, the chained buffers used by Lwip
use sizes expressed in sixteen bits, and under conditions such as a read
of 1<<16 the higher bits are lost and the plugin performs a zero length
read, and the application interprets this as a closed connection.
Fix#2947
Since we use the git repo by now remove all unnecessary ballast like
unused code and the git history. The will bring down the wifi_drv's
src archive to reasonable size again.
This patch enables the user to click on a component in the runtime view
to reveal more information such as the used/assigned RAM/caps and
secondary dependencies.
This patch adds a graph of the current runtime state to the
leitzentrale. The topology of the graph depends on the first routing
rule of each component. For this reason, the patch re-orders routing
policies to make the most important route the first in the list.
The user can switch between the runtime view and the inspect window
by clicking on the corresponding menu dialogs. E.g., a click on the
storage dialog reveals the inspect window.
The PS/2 driver retries to get mouse-reset results for 700 ms, sleeping
after each attempt for 10 ms. So, the driver needs a Timer session now.
Fixes#2713
The most important route of each launcher is at the top of routes and
will be used to layout the graph topology of the runtime view.
By caching the state reports generated by the runtime init, the sculpt
manager becomes able to quickly check for the presence of components. So
we can apply routing-dependency checks not only prior starting
components but also while components are running.
Fixes#2938Fixes#2912
This patch fixes a problem in the non-const 'for_each' method of the
'Registry' data structure. If an exception was thrown from within the
functor of the 'for_each' operation, the not yet processed items of the
registry were dropped from the registry, which is not expected.
This patch addresses two problems: By guarding the buffer allocation in
a nested class, an exception in the body of the 'File_content'
constructor reverts the allocation. Second, if the file has no content
no allocation should be performed. The previous version wrongly passed
a size of zero to the allocator in this case.
This patch addresses a situation where _process_packets was called as a
side effect of watch notification (that was processed during an unlink
RPC operation). This scenario (triggered by the fs_query test)
ultimately ended up in a deadlock. Io/watch reponse handlers should
never re-enter the application logic.
The new base/xsd/config.inc defines generic XSD types such as 'Boolean' or
'Session_label'. It can be included in config XSD files by using:
! <xs:include schemaLocation="file://${GENODE_CONFIG_INC}"/>
The string ${GENODE_CONFIG_INC} is replaced by the run tool with the
above mentionened file path.
Issue #2897
Seen on X250
Description from https://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html
The ten grey keys Insert, Home, PgUp, Delete, End, PgDn, Up, Left,
Down, Right are supposed to function regardless of the state of Shift
and NumLock keys. But for an old AT keyboard the keypad keys would
produce digits when Numlock was on or Shift was down. Therefore, in
order to fool old programs, fake scancodes are sent: when LShift is
down, and Insert is pressed, e0 aa e0 52 is sent; upon release of
Insert e0 d2 e0 2a is sent. In other words, a fake LShift-up and fake
LShift-down are inserted.
Fixes#2888
The 'Report' route was missing. The commit also removes superfluous
routing rules for IO_PORT, IRQ, and IO_MEM that are captured by the
subsequenting wildcard anyway.
Issue #2909
The COW plugin provided only partial copy-on-write semantics and had
problems detecting recursive requests. Conversely, the import plugin has
much simpler behavior that is easy to test because it mirrors that of
the ram_fs server.
Ref #2745
LwIP skips a packet copy by wrapping Nic stream buffer regions in LwIP
pbuf objects. Move from a fixed size array to a potentially unbounded
slab allocator for managing this buffer metadata.
Ref #2335
A 'QThread' can be reused when its execution is finished by calling
'QThread::start()' again. Before this commit, this created a new Genode
thread, but did not destroy a previously finished Genode thread first.
Fixes#2928
Add additional parsing modes to the sequence decoder to detect and
discard unhandled sequences for ECMA-48, DEC private, and Xterm.
Add new behavior for cursor movement, cursor hiding, character deletion,
and line-wrapping.
Fix#2923
The libc sockets implementation already syncs socket control files after
writes, so sync errors will induce failures for operations such as
"connect".
Fix#2920
This patch reintroduces the LwIP stack to libc as a VFS plugin
implementing the socket_fs interface. Rather than use LwIP's socket
emulation layer this plugin interfaces directly to LwIP raw API and is
single threaded.
The internal TCP parameters of the stack are untuned.
Fix#2050Fix#2335
A timer should set itslef not pending before calling the timout handler.
This is important for timeout handler that program the timeout again.
issue #2910
When the cached_fs_rom saturates the packet stream of its File_system
session it will call the session request handler recursively as pending
transfers are completed. This is bad because the content of the XML node
currently being processed will change.
The session request handler can no longer be called directly, but the
"schedule" method will submit a signal to the request handler, and
requests will be processed after the current operation has completed.
By adding a sanity check for the validity of the PD session targeted by
a transfer_quota operation, the corner case of an incomplete PD session
of a child can no longer trigger an 'Invalid_session' exception.
Calling 'handle_io_response()' in a regular VFS function (in contrast to a
post-signal hook) can cause problems if the caller of the VFS function holds
a lock which prevents the io response handler from returning.
With this commit, the user of the VFS becomes responsible for unblocking
threads which might be blocking after a failed 'queue_read()', 'queue_sync()'
or 'write()' call.
Fixes#2896
This new vfs_import plugin allows a VFS instance to be populated during
construction using a sub-VFS configured in an '<import>' configuration
node. This allows the ram_fs File_system server to be replaced by the
VFS server by reimplementing the ram_fs 'content' feature. At the
moment the copying of symlinks is not enabled, and the resources
obtained by the import file-system may not be freed after the import is
finished.
Fix#2906
The ram plugin to the VFS must send notifications to watch handles on
files when they are removed. This brings the VFS server to parity with
the ram_fs server for the sake of notifications.
Move run/fs_report to gems and use the vfs server and the vfs init
plugin in the test.
Ref #2902
This patch removes the detection of statically linked executables from
the base framework. It thereby fixes the corner cases encountered with
Sculpt when obtaining the binaries of the runtime from the depot_rom
service that is hosted within the runtime.
Statically linked binaries and hybrid Linux/Genode (lx_hybrid) binaries
can still be started by relabeling the ROM-session route of "ld.lib.so"
to the binary name, pretending that the binary is the dynamic linker.
This can be achieved via init's label rewriting mechanism:
<route>
<service name="ROM" unscoped_label="ld.lib.so">
<parent label="test-platform"/> </service>
</route>
However, as this is quite cryptic and would need to be applied for all
lx_hybrid components, the patch adds a shortcut to init's configuration.
One can simply add the 'ld="no"' attribute to the <start> node of the
corresponding component:
<start name="test-platform" ld="no"/>
Fixes#2866
When mounting a ROM module with binary="no", the
vfs will detect the 0-termination to calculate the
file size instead of using the dataspace size.
Fixes#2903
Process I/O packets in batches. If a batch is processed and there are
still packets pending, send a signal locally to the packet handler and
return to the entrypoint signal dispatcher. This prevents clients from
starving each other, which happens when a client continuously submits
packets at a faster rate than the server can process.
Fix#2900
Test of File_system I/O scheduling. It appears that a client not
submitting I/O packets slower than the VFS server can process will
starve other clients.
Ref #2900
This patch adds the /config/usb file to Sculpt, which allows then user
to manually define rules for assigning USB devices to clients. The
content is incorporated by the driver manager into the USB driver
configuration. Note that this mechanism does not work for HID devices
because these devices are claimed by the USB driver's built-in HID
support.
Issue #2890
Previously, the trace control of a thread was initialized in its
constructor (which is generic for all components). This has the
disadvantage that the CPU-session-pointer member of the thread might not
be valid at this point. And it cannot be replaced by using the
"deprecated_env" CPU session neither as constructing the deprecated
environment in causes troubles in Core. But as the trace control
shouldn't be needed in Core anyway, the initialization can be moved to
the Thread::start implementation of non-core components. This code
already takes care of the CPU session pointer.
Fixes#2901
This component is contrasted with the fs_rom server that serves
independent dataspaces to each client. Using a cache was not possible
until the region map session supported the creation of read-only
attachments.
Test at run/read_only_rom.
Ref #1633Fix#2760
The verbosity mode of the NIC bridge can be toggled with the verbose attribute
(default value shown):
! <config verbose="no" />
If enabled, the NIC bridge logs sent and received packets as well as the
lifetime of interfaces connected to the bridge.
Issue #2899
This commit contains a patch of bash's built-in default escape sequences
to match the 'screen' terminal as used by Genode's terminal component.
Fixes#2705
The test triggers the following assertion in the kernel, which will
remain unfixed as the kernel is no longer developed:
Assertion queue_state.is_set(queue_state_t::send) failed in file
.../pistachio/kernel/src/api/v4/tcb.h, line 727
This assertion is presumably similar / related to issue #1495.
Do not generate invalid configurations for the uplink domain anymore. If
some tests are disabled and therefore their routing rules at the uplink
domain would be invalid, spare out these routing rules.
Issue #2899
This patch addresses a corner case revealed by the resource_request test
on seL4 after changing the child-destruction handling with commit "base:
close PD on 'close_all_sessions'". During the destruction of the PD
session, the backing store (session-local RAM dataspace factory) of the
signal broker's slab was destroyed before destructing the signal broker.
Instantiating the signal broker after the RAM dataspace factory fixes
the destruction order.
Quietly insert forward declaration of a Input::Binding class, and make
it a friend of Input::Event and Input::Session_client. This is to allow
non-C++ language bindings (Nim) to access private members by providing
their own implementation of the Binding class.
Fix#2889
The legacy PIT timer driver is too jittery for the character-repeat
test. This patch disables the test for platforms using this device as
user-level time source, which are at the moment OKL4, Pistachio, and
seL4.
This patch makes the run script compatible with the disk-image backend
of the run tool. Since this backend attaches the boot image as AHCI
disk 0, we have to supply our custom disk image as AHCI 1.
The native CPU client holds a capability reference and the reference
counter of the capability can reach its limit when many threads are
successively created and destroyed (destroyed by the Linux kernel).
Fixes#2886
When first selecting an access point to connect to, and then - while the
passphrase entry field is displayed - switching to wired networking, the
keyboard focus was still referring to the passphrase entry field instead
of yieling the focus to the inspect window. This commit fixes the
problem by adding the wifi NIC target as additional condition.
This patch improves the handling of the corner case where a client
vanishes while a session request is in flight (CREATE_REQUESTED but
not yet AVAILABLE). This corner case could be sporadically observed with
the init_loop test on base-linux.
In the original version, the session would eventually be delivered but
never picked up by anyone. Such a stale session still uses resources that
should better be released. In the new version, the parent checks for the
liveliness of the client whenever a session is delivered. If there is no
client of the session, a close request is immediately issued to the
server. The session state must be preserved until the close requests has
been answered.
This patch moves the closing of a child's PD session from the 'Child'
destructor to the 'close_all_sessions' method. This way, the child's
PD quota is immediately returned as soon as init flags a child as
'abandoned', which removes jitter from init's RAM-state reports.
The patch is supposed to make the 'init_loop.run' test much happier.
This commit is a follow-up to "nit_fb: allow screen-relative
initial_width/height". With it, the nit_fb window created via the
launchpad can be interactively resized.
Also remove 'requires_installation_of', while also checking sbin
directories in 'have_installed'. The run scripts have been adjusted
accordingly.
Fixes#2853
The 200-second timeout of the init test triggers on some test platform
(in particular on qemu) while it is overly pessimistic on others.
This patch aims at stabilizing the timing behavior of the test across
the tested kernels/machines.
This is a follow-up patch of "init: avoid too eager child restart". On
each config update of init, init re-applies child-specific configuration
changes. In the case of an already exited child, this re-evaluation
wrongly marked such a child as abandoned because the child's environment
sessions do no longer exist. Abandoning the child, in turn, triggers the
destruction and subseqent restart (because the <start> node of the
configuration still exists). The latter is bad for two reasons.
First, the exit state of the original instance becomes lost. Second, the
restart may have unexpected side effects due to sessions created by the
new instance. I.e., when resizing a partition in sculpt, init would
wrongly restart the gpt-write tool after the tool successfully exited.
This collides with a newly started instance of part_blk/resize2fs, which
now competes with the second gpt-write instance for the exclusive access
of the targeted block device.
The patch prevents init from re-applying configurations to exited
children. The accompanied test case covers the corner case.
Do not simply wait for the good ping test to finish, but for the other
flood tests to trigger the RAM exhaustion. This makes the test more
robust with slower platforms or a different timing.
Issue #2857
The log messages covered by verbose_packet_drop were previously
configured by the verbose attribute. This isn't the case anymore. Now,
you can configure them as follows:
! <config verbose_packet_drop="no" ... >
! <domain verbose_packet_drop="no" ... />
! <config/>
The new attribute determines whether to log each packet drop and the
rational behind it. The <config> value affects all domains without a
<domain> local value.
Issue #2857
The default value of each <domain> is the <config> value. However, if
a <domain> local value is set, the <config> value doesn't affect this
value at all.
Fixes#2874
The ICMP-Echo-server functionality of the router has the following
configuration attributes (default values shown):
! <config icmp_echo_server="yes">
! <domain icmp_echo_server="yes" ... />
! </config>
The icmp_echo_server attribute configures whether the router answers ICMP Echo
requests that address the router. The <config> value affects all domains
without a <domain> local value.
Issue #2874
This patch ensures that session-create requests are handled after close
requests, which solves the corner case where one single-session server
receives a close and create request at the same time. E.g., when
expanding a partition with Sculpt, the gpt-write tool is removed and
part_blk is started (to execute resize2fs on top) in one step. Both
interact with the USB-block driver, which is a single-session server.
Fixes#2877
- Reordering and cleanup of commits to form a common branch shared by others
- Add right bit to deny portal usage for cross-core IPC
- avoid GP when switching on AMD SVM if disabled by UEFI/BIOS
Issue #2854
When a domain is updated to a new component config, the two criteria for
keeping an ARP waiting state of a remote domain are whether the remote
domain still exists and whether its IP config is still the same. This
means that a domain must also dissolve all of its remote ARP waiting
states if its IP config changes (without an update of the component
config). This wasn't the case until now.
Issue #2840
The top-level Sculpt configuration is routing ROM requests for chargen
files from the input_filter to the parent, and this prevents new chargen
files to specified, for instance the German or Workman layout. Route ROM
requests with a combination of label_prefix and label_suffix patterns to
the config_fs_rom component, allowing the input_filter to be dynamically
reconfigurable.
Fix#2872
It can happen that a keyboard gets plugged in and 'led_connect()' is
called while the keyboard LED of another keyboard is just being updated
(and the registry is locked).
Fixes#2869
- initialize the stack size attribute with `Libc::Component::stack_size()`
as default value
- remove the possibly uninitialized `pthread` member from the attribute
structure and obtain current attribute values in the
`pthread_attr_get_np()` function, where the `pthread` object reference
is given as argument
- let each thread obtain its stack address and actual stack size at thread
start to have the information available for other threads
Fixes#2865
The apu2c4 boards have 3 i210 PCI devices (one for each LAN port). Other
apu2 boards use i211 device IDs according to https://www.pcengines.ch/apu2.htm
but could not be tested.
This commit also incorporates an upstream MAC address handling fix.
The libc will now use the file given by the 'nameserver_file' attribute
to get the DNS nameserver address instead of reading '/etc/resolv.conf'.
It defaults to '/socket/nameserver' which is the common location when
using the lxip VFS plugin. As a constraint the libc will read the first
line and expects the nameserver address without any keywords in front of
it.
Fixes#2861.
Merge the configuration from raw/pdf_view into the pkg/pdf_view runtime
file. Request a File_system session and load files from there, rather
than by ROM.
Ref #2859
The component is no longer loads from '/test.pdf', the first PDF file
found in the root directory of the file-system is loaded automatically.
The behavior cannot be overridden by configuration.
Feed MuPDF with characters from input events to MuPDF rather than
translate raw key codes to ASCII. This enables almost all MuPDF key
bindings without the need to maintain a lookup table. Mouse navigation
has been enabled as well. To print the key-bindings to log, press '?'.
Fix#2859
The chroot server was conceived to automatically place File_system
sessions into segregated root directories by converting session labels
to paths. If multiple children needed to be grouped under the same path,
a 'merge' policy would truncate the session label before path conversion.
Now that init can rewrite session labels and thus reproduce truncation,
the chroot merge feature is redundant and can be removed.
Fix#2846
Removed the modified mark from handles that have been written to when
they are synced, otherwise a notification would be sent again when the
handle is closed.
Ref #2839
* Do not log events that are not critical (deadly) to the NIC router if not
configured to be verbose,
* Print almost all log lines with a prefix of the domain name they are
related to,
* And, do not use Genode::error and Genode::warning as they make it hard to
read the log with the domain name prefixes.
Fixes#2840
Introduce the uplink tag:
! <config>
! <uplink label="wifi" domain="uplink">
! <uplink label="wired" domain="wired_bridge">
! <uplink domain="wired_bridge">
! <config/>
For each uplink tag, the NIC router requests a NIC session with the
corresponding label or an empty label if there is no label attribute.
These NIC sessions get attached to the domain that is set in their
uplink tag as soon as the domain appears. This means their lifetime is
not bound to the domain. Uplink NIC sessions can be safely moved from
one domain to another without being closed by reconfiguring the
corresponding domain attribute.
Attention: This may render previously valid NIC router configurations
useless. A domain named "uplink" doesn't automatically request a NIC
session anymore. To fix these configurations, just add
! <uplink domain="uplink"/>
or
! <uplink label="[LABEL]" domain="uplink"/>
as direct subtag of the <config> tag.
Issue #2840
The term was used for the old configuration during the handling of a new
configuration but in other places it was already called old_config.
Issue #2840
Dissolve and destroy the invalid domain first before deinitializing all
domains for the next round. This way, the deinitialization is not done twice
for the invalid domain.
Issue #2840
Due to a bug in the deinitialization of the DHCP server of a domain (the
reference to the destroyed object was not cleared), the NIC router could
end up in a page fault caused by a double-free at the heap. This also fixes
the previously missing dissolving of the "DNS-server-from" relation to a
remote domain.
Issue #2840
Internally, Genode::Session_label has a typedef from String<capacity()> to
String. To have this typedef public is especially useful when reading a
label from an XML node. This can then be written as
! Session_label label = node.attribute_value("label", Session_label::String());
instead of
! Session_label label = node.attribute_value("label", String<160>());
which would be less generic (Session_label cannot be used directly as there
is no appropriate ascii_to implementation).
Issue #2840
Currently has three clients that continuously create new UDP/TCP/ICMP
connections through the NIC router with NAT to the outer world and they
get never closed. A fourth client does normal ping through the same
domain to the outer world that must succeed even after the RAM quota of
the other session at the router is exhausted. The test is restricted to
Qemu to not being at risk to flood real networks.
Issue #2857
Currently, if the target of a reply capability gets destroyed, the
ipc syscall reply/wait returns with an error. Although we detect
the error condition we continue with reply/wait, which leads to
an endless loop. This commit introduces a condition analoque to
the base-library for pistachio and fiasco to do an open wait if an
error occured during a reply.
This patch weakens the aggressive restart of a child with incomplete
environment sessions. The restart check is performed each time
the init configuration changes. In sculpt, this is not a rare special
case anymore but a frequent case when using the depot_rom as provider
for environment ROM sessions. In particular when starting a chain of
inter-depending children, the sculpt-manager quickly generates a
sequence of configurations with successively added start nodes.
The addition of the 'Cap_consumer' feature to app/dummy increased the
static RAM demand of the component to a point where 1 MiB no longer
suffices on sel4 (on this kernel, the base library uses a larger amount
of statically allocated data compared to the others). The tweaks enable
init.run and init_loop.run to work on sel4 on x86-64.
Selecting an alternate interface setting, even if it is the same as the
current one, apparently makes the INQUIRY command fail with USB devices
like 'SanDisk Ultra Fit' (0781:5583) and 'Corsair Flash Voyager'
(1b1c:1a03) when the USB block driver is restarted.
Fixes#2860
* Catch Quota_guard exceptions wherever we do 'new (_alloc)' in Interface
and in case drop the packet that caused the exception
* Modify Interface::handle_config_2 to not use the guarded allocator of the
NIC session quota as we cannot handle a RAM exhaustion well at this point
in time. Instead use a Constructible member in Interface so that a needed
RAM adds up to the calculation in the create_session implementation where
an exhaustion is handled via a service denial.
Issue #2857
The interface destructor called pure virtual methods at least when
cancelling ARP- waiting states. The implementations were made by the
deriving classes Session_component respectively Uplink. This led to an
abort of the NIC router as the destruction of the derived class was
already done. A similar problem already occured in the past during the
construction of Interface and was back then solved by introducing a
separate init() method. This commit, however, solved the problem by
making Interface a member of the other classes. Therefore, the init()
method could be removed again. Furthermore, the interface polica could be
moved from Session_component_base to Session_component. The commit also
had to generalize the way the link state of an interface is determined.
Fixes#2856
With this patch, the sculpt manager takes over the role the window
layouter of the leitzentrale, which eliminates the need to manually
position and size the inspect window.
While a child is abandoned, we must limit the start of anothers with
the same name. Otherwise - of the child has startup problems - a number
of abandoned children with the same name may queue up. This becomes a
problem whenever the child destruction depends on an asynchronous
service that provides an env session for the children. If the service is
unable to keep up with the session requests (both create and close),
the queue of abandoned children becomes unbounded. Limiting the child
creation rate to one abandoned child per name mitigates this problem.
This patch reduces the latency of state reports when children are
removed or added, thereby, accellerating the feedback loop between a
management component and init during the staged startup or removal of
inter-dependent components.
Whenever an environment session was provided by an asynchronous service,
e.g., the depot_rom of the sculpt scenario, the session quota was not
transferred to the server at session-creation time. This resulted in a
slow depletion of the server's quota over time. This patch ensures that
the delivery of session quota is consistent with the information
reported to the server as session argument.
The 'Child::_revert_quota_and_destroy' assumes to be called from the
client's context, which is normally the case when destroying sessions.
However, if a client's session outlives the client (because the
asynchronous close request to the server is still pending), the session
cleanup is performed in the context of the server. Here, the
'session_response' implementation wrongly called
'_revert_quota_and_destroy' to the effect that the session quota was
withdrawn from the server (good) but subsequently transferred back to
the server (bad). The patch replaces the call of
'_revert_quota_and_destroy' with only the first - correct - part of the
transaction.
This test monitors the RAM quota of a dynamic init and a server hosted
within the dynamic init in the presence of a repeatedly created and
destructed client.
Previously we were doing the initialization once over all domains,
remembered which of them became invalid and destroyed those afterwards.
This isn't sufficient. As soon as one domain becomes invalid we have to
dissolve/destroy this one, deinitialize all other domains again (as they
could contain references to the invalid domain) and retry to initialize
them from the beginning. We proceed with this until we have one run
without a domain becoming invalid. Then we can be sure that the last
initialization run did not create references to any invalid domain.
Issue #2840
The generic helper Avl_string_tree of the NIC router is currently only
used for finding domains via their names, but in the future it can be
used for finding uplinks by their labels also. Additionally, it enables
us to throw an exception when inserting two elements with the same
identifier.
Issue #2840
This patch suppresses the start of components that cannot run because
obvious runtime dependencies (used servers) are missing in the runtime.
In this situation, the sculpt manager gives diagnostic feedback to the
user in the runtime dialog.
* Get rid of the base classes Rule and Leaf_rule,
* Make log output about initiated or invalid routing rules conform to the rest
of the router log, and
* Ensure that each type of routing rule when being invalid invalidates its
whole domain.
Issue #2840
On Linux, we have a tap device as NIC back end but there is no one to
ping to in the subnet of the tap device. On FOC, the tests seem to trigger
a bug in the destruction of components with parent.exit(X); .
Fixes#2848
Sculpt's discovery of the default storage target can be intercepted by
user input (i.e., pointer movements) at boot time. The patch makes this
intervention mechanism robust for the case where nitpicker's first hover
report arrives after all storage devices were already scanned.
By tracking the states for an interactive selected NIC target (managed)
and a manual-defined NIC target (config/nic_router) separately, the
sculpt manager becames able to present the user with the ability to
interactively disable and re-enable a manually-managed network
configuration.
The sculpt manager wrongly paid for the nitpicker session of the fader
out of its own pocket. This patch reduces the quota transfer to the
amount provided the fader.
When updating the GPT to match the underlying block device, the
protective MBR will normally also be updated. In case a hybrid MBR is
used, as is done if 'image/disk' is specified, setting the
'preserve_hybrid' flag will prevent the component from overriding the
MBR.
The condition was too rigid. In the case where no motion occurred in
between the press and release events of the magic button, the delayed
press event would not be delivered. This - in turn - confused other
components (like nitpicker) down the input chain.
for such classes where it should be safe and where we have seen issues.
Disabling in general bus master DMA causes on some machines hard hangs, e.g.
because the USB handover protocol was violated.
Fixes#2835
In contrast to most information of init's state reports, which can be
monitored at a relatively low rate (like 2 seconds in Sculpt's runtime),
resource requests call for an immediate response by the consumer of the
report. Otherwise the requesting child stays unnecessarily blocked until
the next rate-limited state report is due. This patch adds a fast lane
for such low-latency state updates to init.
- support saving of files with no file name extension
- make the the "All Files (*)" file selection filter the default to see
configuration files immediately
Fixes#2844
This commit updates Early-Adopters (EA) version of Sculpt to the version
for The Curious (TC). Most importantly, it contains the new interactive
sculpt-manager component that automates many system management and
configuration tasks.
In case of an Alloc_return error, don't free the address at 0. If this
is a managed dataspace, there could be valid attachments which then gets
lost.
Make decreasing alignment search working. Continue with lower alignment
restrictions in case the optimal alignment wish can't be fulfilled.
Do not send nor buffer packets at interfaces with link state "down". This
prevents that packets that were routed to one network (allowed to see them),
due to a sudden link down/up, are leaked to another network that is not
allowed to see them.
When updating an interface in the NIC router to a new configuration and
the domain name of the interface has not changed but the domain
disappeared, the NIC router did not detach from the old domain correctly
which led to broken remnants of interface state objects (like connection
states).
Adapt the nic_router_uplinks run script to work with the fix.
fs_report truncated the report file on construction of the report
session to mimic an "empty report". This prevented existing use cases
where the initial state was already written to the file system by other
means.
I doubt that use cases exist where the inital empty-report mimic is
needed and (if I'm wrong) there is still the race of the consumer
reading the file just before the report session is constructed.
Reporters that want to enforce an empty initial report should send it
explicitly.
This patch enhances the 'Child' interface with the ability to retry the
deployment after an initial attempt failed. This way, packages can be
installed on demand based on the error feedback of deployment attempts.
The state report reflects the progress of downloading, verifying, and
extracting archives. For the download step, it includes the progress
as reported by fetchurl.
