Commit Graph

1329 Commits

Author SHA1 Message Date
Martin Stein
38e50a5b4f nic_router/README: adapt to new ICMP features 2018-04-10 11:20:45 +02:00
Martin Stein
ce9a0cbc19 nic_router/config.xsd: add icmp_idle_timeout_sec 2018-04-10 11:20:45 +02:00
Martin Stein
6edf9ccf5a net: get rid of static constructors 2018-04-10 11:20:44 +02:00
Martin Stein
84a3fbd239 app/ping: perform ICMP Echo to another IP host
The 'ping' component continuously sends ICMP Echo requests to a given IP host
and waits for the corresponding ICMP Echo replies. For each successfull ICMP
Echo handshake it prints a short statistic. By now, it can be used only with a
static IP configuration. The size of the ICMP data field can be configured. It
gets filled with the letters of the alphabet ('a' to 'z') repeatedly.

Issue #2732
2018-04-10 11:20:44 +02:00
Christian Helmuth
92edcb17e5 Warn on redundant call to exec_static_constructors() 2018-04-10 11:20:43 +02:00
Martin Stein
b3791fabc2 test/timeout: test locks in handlers
Originally, the timeout framework caused deadlocks when acquiring the same
lock from different timeout handlers. This use case is now tested in the
timeout test.

Fixes #2704
2018-04-10 11:20:43 +02:00
Martin Stein
f681f9e844 test/timeout: fix typo
Issue #2704
2018-04-10 11:20:43 +02:00
Martin Stein
93a0c66589 timeout: do not handle timeouts while scheduling
To handle all pending timeouts in the context of scheduling a timeout
was only necessary because the Timeout framework once made use of the
Alarm framework. The method Alarm_scheduler::schedule_absolute took an
absolute deadline as argument and we couldn't change this beause the
Alarm framework was also used without the Timeout framework. We had to
calculate this absolute deadline with the now time of the Timeout
framework but the Alarm framework has its own now time that is always a
bit behind the one of the Timeout framework. This lead to bad decisisons
when finding the right position for the new timeout. Now, we can call
schedule_absolute with a relative duration and thereby fix the problem.

When we schedule an absolute timeout without considering the small time
difference, the end-time for the timeout that is calculated using the
local time value is also smaller than the expected end-time. This can
also lead to directly triggering timeouts that should have triggered
with a certain delay.

As it is not trivial to update the local time value while scheduling a
timeout _without_ calling other timeout handlers, we simply raise the
duration of the new timeout by the age of the local time value.

Issue #2704
2018-04-10 11:18:18 +02:00
Martin Stein
f152e3e9d0 timeout: dequeue all pending alarms before reschedule
This fixes the problem that large timeouts, when rescheduled, are interpreted
to be from the last now_period instead of, what would be right, the next
now_period. This occured if there were multiple pending alarms at the head of
the queue and the reschedule of the first one was done with the other outdated
deadlines still in place.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
bfb96536da timeout: _setup_alarm calculates deadline itself
Instead of taking the absolute deadline of a timeout as argument from
outside (where it is calculated with a freshly requested now time), we
now take a relative duration as argument and calculate the deadline with
the scheduler-internal now time (which can be a little bit outdated).
This enables us to schedule timeouts without updating the internal now time
and thereby handle all pending timeouts.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
38dbd59d8a timeout: become independent of the Alarm framework
Integrate the code of the Alarm framework directly into the Timeout
framework.  The former Alarm-framework methods are all private to the
corresponding classes of the Timeout framework and get prefixed with
'_alarm__'. The latter avoids name clashes and makes it easier to
simplify the code later.

Issue #2704
2018-04-10 11:11:54 +02:00
Martin Stein
8c7bbdecdf nic_router: conform log in Domain
In the domain class there were several places where output was generated
not conforming to the typical output format of the router ("[domain]
event: parameters").

Issue #2670
2018-04-10 11:11:54 +02:00
Martin Stein
87eb23f562 nic_router: fix uncaught Domain_tree::No_match
When having an interface that yet is not attached to a domain, then a new
configuration comes in and the interface receives a domain name (via the
policy tag) but the corresponding domain doesn't exist, an exception
Domain_tree::No_match is thrown but was not caught and handled until now.

Issue #2670
2018-04-10 11:11:54 +02:00
Martin Stein
54b10b1b38 nic_router: forward ICMP dst unreachable messages
This follows the guidelines in RFC 5508 to enable forwarding of ICMP
"Destination Unreachable" that correspond to an existing link state in
the NIC router. It also serves as blueprint for forwarding ICMP error
messages in general (They are merely not enabled because we don't test
them).

Issue #2732
2018-04-10 11:11:54 +02:00
Martin Stein
6a988749a1 nic_router: print packet info before sending it
By now, the 'verbose packets' output when sending packets was printed after
finish sending the packet. This makes following the packet flow harder if you
have multiple components that print such information.

Issue #2732
2018-04-10 11:11:54 +02:00
Martin Stein
168407a40a nic_router: config attribute 'mac_first'
The mac_first attribute tells the MAC-address allocator of the router
from which MAC address to start allocating. This is useful, for
instance, if you have nested nic_routers. In this case, identical
MAC-allocator settings have led to name clashes in the past, so, you
want to be able to configure them differently.

Issue #2732
2018-04-10 11:11:53 +02:00
Martin Stein
7b3343c2dc nic_router: NAPT for ICMP echo messages
This follows the guidelines in RFC 5508 to enable ICMP echo through a NAPT
channel of the NIC router. It serves also as blueprint for ICMP queries in
general (they are merely not enabled because we don't test them by now).

Issue #2732
2018-04-10 11:11:53 +02:00
Martin Stein
d2adce7ba6 nic_router: fix bug in Link::handle_config
We updated UDP link states with the wrong idle-timeout value.

Issue #2732
2018-04-10 11:11:53 +02:00
Martin Stein
8981d3baf5 nic_router: conform log in Interface::_handle_eth
Prefix "Drop Packet" messages always with "[<DOMAIN>]".

Issue #2732
2018-04-10 11:11:53 +02:00
Martin Stein
9b936dd120 nic_router: packet verbose at detached interfaces
The 'verbose packets' output previously was not generated for Interfaces
without a domain. But this is desirable as the router nonetheless
receives packets at such interfaces. This is now fixed and such output
is simply prefixed with a "[?]" denoting that the interface has no
domain.

Issue #2732
2018-04-10 11:11:53 +02:00
Martin Stein
98617432c3 nic_router: send ICMP error on unroutable packet
Send an ICMP "Destination Network Unreachable" as response to packets that
are not routable by the NIC router.

Issue #2732
2018-04-10 11:11:52 +02:00
Martin Stein
4dc8f6dca4 nic_router: fix missing IPv4.ECN initialization
We missed to zero-out the ECN field in IPv4 packets. We don't use the ECN
field but there might be old data left in the packet RAM allocated by the
NIC packet streams. If we don't zero-out ECN it might leak old data.

Issue #2732
2018-04-10 11:11:52 +02:00
Martin Stein
009330ab4c nic_dump: support ICMP
Print out common header information of the Internet Control Message
Protocol.

Issue #2732
2018-04-10 11:11:52 +02:00
Martin Stein
365bd347a6 net: ICMP protocol
Packet format and common utilities for the Internet Control Message
Protocol.

Issue #2732
2018-04-10 11:11:52 +02:00
Emery Hemingway
9c6b720ec1 Notification support for the VFS library
Add a new 'Vfs_watch_handle' type to the VFS interface. This handle type
will pass a handle context up through the I/O handler to the application
when a notification event occurs.

Watch support implemented for RAM and File_system plugins, all other
file-systems return WATCH_ERR_STATIC by default.

Test at run/fs_rom_update_ram and run/fs_rom_update_fs.

Fix #1934
2018-04-10 11:11:51 +02:00
Norman Feske
3778558608 os: reworked nitpicker_gfx/text_painter.h
This patch improves the `Text_painter` utility that is commonly used by
native Genode components to render text:

- Support for subpixel positioning
- Generic interface for accessing font data
- Basic UTF-8 support

Since the change decouples the font format from the 'Text_painter' and
changes the API to use the sub-pixel accurate 'Text_painter::Position'
type, all users of the utility require an adaptation.

Fixes #2716
2018-04-10 11:09:18 +02:00
Norman Feske
b0b92e4ee2 vfs: pass root directory to plugins
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.

Fixes #2701
2018-04-10 11:09:17 +02:00
Martin Stein
e213b9046d nic_router: inform clients on DNS server change
If the remote DNS server address value of a DHCP server changes, the affected
interfaces do a link down/up to inform all DHCP clients that they should
re-request their DHCP info.

Issue #2730
2018-04-10 11:06:00 +02:00
Martin Stein
4bee38ea62 nic_router: DHCP server considers dns_server_from
The dns_server_from attribute of the dhcp-server tag has effect only if
the dns_server attribute of the same tag is not set. If this is the
case, the dns_server_from attribute states the domain from whose IP
config to take the DNS server address. This is useful, for instance, if
the stated domain receives the address of a local DNS server via DHCP.
Whenever the IP config of the stated domain becomes invalid, the DHCP
server switches to a mode where it drops all requests unanswered until
the IP config becomes valid again.

Issue #2730
2018-04-10 11:06:00 +02:00
Martin Stein
fec53690d7 nic_router: get DNS server from dynamic IP config
If available, read and remember DNS server address from DHCP replies per
domain.

Issue #2730
2018-03-29 16:13:22 +02:00
Martin Stein
04c3ae56ed nic_router: read DHCP-server config only once
Until now, the DHCP server of a domain was re-constructed each time the
IP config changed. This is not necessary as a domain that acts as DHCP
server must have a static IP config as it would be senseless to act as
DHCP server and client at the same time. Now, a configured DHCP server
is constructed only when the Domain gets constructed and stays alive
until the domain gets destructed. Furthermore, we now throw Domain::Invalid
if there is no static IP config plus a DHCP server configured. However, by
now, this exception is not caught as it is not trivial to destruct the
domain at this point.

Issue #2730
2018-03-29 16:12:05 +02:00
Martin Stein
7d50219902 nic_router: add missing 'override' declarations
Issue #2730
2018-03-29 16:10:13 +02:00
Martin Stein
b344f2bc39 nic_router: fix pure virtual call in Interface
The Interface constructor previously tried to attach to a domain.  This
might include sending a DHCP request to get the domain a valid IP config.
But in order to achieve this, the constructor used a pure virtual method
of Interface which crashes due to the unfinished vtable. To fix this bug,
the attach attempt was moved to a new Interface::init method.

Issue #2730
2018-03-29 16:09:52 +02:00
Martin Stein
1044c2fcab nic_router: simplify the pointer utility
Instead of Pointer<T>::set use assignment operator with implicit constructor
from T-reference. Instead of Pointer<T>::unset use assignment operator with
Pointer<T>(). Instead of Pointer<T>::deref provide () operator.

Issue #2730
2018-03-29 16:03:28 +02:00
Martin Stein
92a30e0953 nic_router: handle configuration changes
The router reacts as follows to a configuration change:

1) Construct new internal configuration representation (the old one stays
   in place to be able to do comparisons in the following steps)
2) Iterate through all user-dependent objects (interfaces, link states, ARP
   information, DHCP information) and re-check which remain valid with the
   new configuration and which must be dismissed.
3) Adapt the objects that remain valid to the new configuration (re-write
   references) and remove or detach the dismissed objects.
4) Do a link state DOWN at each interface and a link state UP at each
   interface that remains attached to a domain.
5) Replace the old internal configuration representation with the new one

This way, the router keeps as much user dependent states as possible
while going through a configuration change. Thus, overwriting the old
configuration with an exact copy of itself is (almost) transparent to
clients of the router. Almost, because there are things the router must
do on every configuration handling, like re-scheduling the expiration
timeouts of links.

Ref #2670
2018-03-29 15:39:44 +02:00
Martin Stein
4e8453b7bf nic_router: destroy list items during for_each
The for_each method of the List wrapper remembers the next list item
before calling the functor on the current one, so, the current one can
be destroyed during the functor.

Ref #2670
2018-03-29 15:39:44 +02:00
Martin Stein
930c29a50c nic_router: != operator for IP config
Ref #2670
2018-03-29 15:39:36 +02:00
Martin Stein
ec240a64d9 nic_router: != operator for IP address prefix
Ref #2670
2018-03-29 15:39:36 +02:00
Martin Stein
709afcd945 nic_router: overwritable reference wrapper
While references are const and always valid, this wrapper is like a reference
that is only always valid and can be overwritten.

Ref #2670
2018-03-29 15:32:39 +02:00
Martin Stein
119b9f9c2c nic_router: alloc specific bits at bit allocator
Method to allocate specific bits at a Bit_allocator_dynamic

Ref #2670
2018-03-29 15:32:39 +02:00
Martin Stein
03062b83b6 nic_router: alloc specific port at port allocators
Methods to allocate a specific port at Port_allocator and
Port_allocator_guard.

Ref #2670
2018-03-29 15:30:20 +02:00
Martin Stein
e0081cfc29 nic_router: safe pointer class for const objects
Const_pointer class that enables the use of the pointer wrapper for
const ojects.

Ref #2670
2018-03-29 15:30:03 +02:00
Martin Stein
5926261e08 nic_router: Avl_tree wrapper with destroy_each
AVL tree wrapper with method to destruct and deallocate each item of the
tree.

Ref #2670
2018-03-29 15:30:03 +02:00
Martin Stein
44dd55a268 nic_router: destroy_each for domain tree
List method to destruct and deallocate each item of a domain tree.

Ref #2670
2018-03-29 15:24:02 +02:00
Martin Stein
d5f645ee69 nic_router: destroy_each for list wrapper
List method to destruct and deallocate each item of a list.

Ref #2670
2018-03-29 15:23:31 +02:00
Martin Stein
8fff7df438 nic_router: safe pointers that are valid and const
Add safe pointer constructor that takes a reference as argument to enable the
use of the safe pointer wrapper as const object.

Ref #2670
2018-03-29 15:22:52 +02:00
Martin Stein
2c2037952d nic_router: support interfaces without a domain
Clients can connect at any time to the NIC router. The interfaces (sessions)
get attached to the appropriate domain as soon as it appears. This implies
that interfaces can also be detached from a domain without beeing destructed
when the domain disappears. All user dependent states of an interface such as
the link states, DHCP allocations and ARP information get lost when the
interface gets detached.

Ref #2670
2018-03-29 15:22:34 +02:00
Martin Stein
63de13b50e nic_router: conform domain labeling in log
Adapt domain labeling of packet receive/send messages in log to other domain
specific log messages.

Ref #2670
2018-03-29 15:21:07 +02:00
Martin Stein
2a77976164 nic_router: add verbose_packets per domain
A domain logs its packets if one of the global 'verbose_packets' or its local
'verbose_packets' is switched on.

Ref #2670
2018-03-29 15:20:20 +02:00
Martin Stein
bd16f89617 nic_router: add verbose_packets attribute
This separates the decision wether to log the received and sent packets
from the 'verbose' attribute. This information is now only logged if
'verbose_packets' is switched on. If 'verbose' is switched on, only
routing decisions and optional hints are printed.

Ref #2670
2018-03-29 15:20:15 +02:00
Reto Buerki
47724c68c2 platform_drv/x86: Switch to ECAM/MMCONF
Switch port I/O based PCI config space access to memory-mapped IO.  The
base address of the PCI configuration space is acquired by mapping the
ACPI ROM and reading the first <bdf> node. An exception is thrown if the
first <bdf> node is not for PCI domain zero or if multiple <bdf> nodes
exist. This is to reduce complexity and also because multiple PCI
domains are rare.

The PCI configuration space is accessed via I/O mem dataspace which is
created in the platform_drv root and then passed on to the PCI session,
device components and finally to the actual PCI config access instances.

The memory access code is implemented in a way to make it work with Muen
subject monitor (SM) device emulation and also general x86 targets. On
Muen, the simplified device emulation code (which works also for Linux)
always returns 0xffff in EAX to indicate a non-existing device.
Therefore, EAX is enforced in the assembly templates.

Fixes #2547
2018-03-29 14:59:04 +02:00
Norman Feske
d59d07b5e3 os: util/utf8.h for UTF-8 string handling
This patch adds a simple UTF-8 decoder at 'os/include/util/utf8.h'
along with a test at 'os/run/utf8.run'.

Fixes #2717, related to issue #2716
2018-03-27 13:44:27 +02:00
Alexander Boettcher
80e1dce1b0 nova: abandon hypervisor_info_page ROM
replace by platform_info ROM supposed to exist on all supported
kernels.

Fixes #2710
2018-03-08 14:24:05 +01:00
Alexander Boettcher
8e9390e964 apci_drv: ignore invalid ACPI tables 2018-03-08 12:05:10 +01:00
Alexander Boettcher
a322fbf822 os: avoid warning in vfs server
[init -> depot_download -> dynamic -> fetchurl] Error: packet operation=3 failed

Issue #2672
2018-02-28 11:05:03 +01:00
Josef Söntgen
2e9a19d5b0 chroot: enforce writeable policy decision
The writeable decision given in the policy will always override the
decision made by the client.

Fixes #2643
2018-02-19 20:50:48 +01:00
Norman Feske
69ac68ca98 nit_fb: prevent enlarging mode when out of RAM
This patch adds a safety check to nit_fb to ensures that nit_fb never
runs out of RAM. Should the available RAM not suffice for resizing the
virtual framebuffer to a new mode, it keeps the current mode.
2018-02-15 10:22:10 +01:00
Alexander Boettcher
accc7e7521 fs servers: handle result propagation better
This patch removes the notion of partial writes from the file-system
servers. Since write operations are asynchronously submitted, they are
expected to succeed completely, except for I/O errors. I/O errors are
propagated with the write acknowledgement but those are usually handled
out of band at the client side. Partial writes must never occur because
they would go undetected by clients, which usually don't wait for the
completion of each single write operation.

Until now, most file-system servers returned the number of written bytes
in the acknowledgement packet. If a server managed to write a part of
the request only, it issued the acknowledgement immediately where it
should have cared about writing the remaining part first.

The patch detects such misbehaving server-side code. If partial writes
unexpectedly occur, it prints a message and leaves the corresponding
request unacknowdleged.

Issue #2672
2018-02-15 10:22:08 +01:00
Alexander Boettcher
f4e9c94bf2 vfs lib: complain about unsuccessful fs packets
Issue #2672
2018-02-15 10:22:08 +01:00
Alexander Boettcher
bfd24de4ad vfs: notify all blockers in fs adapter
if requested so ( by _post_signal_hook.arm(nullptr) )

Issue #2664
2018-02-14 20:41:10 +01:00
Alexander Boettcher
f05c4df36a vfs: handle submit_ready signal in fs adapter
to avoid starvation.

Issue #2664
2018-02-14 20:41:09 +01:00
Emery Hemingway
4a3fc21ada New watch handle mechanism for File_system session
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.

Test at run/fs_rom_update.

Ref #1934
2018-02-14 20:41:09 +01:00
Emery Hemingway
c7d0accac0 VFS: catch Out_of_ram and Out_of_cap exceptions
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.

Ref #2642
2018-02-14 20:41:07 +01:00
Norman Feske
cd7e3425ee nit_fb: allow screen-relative initial_width/height
This change enables the use of negative values for the 'initial_width'
and 'initial_height' attributes to specify values that are relative to
the screen size. This is consistent with the meaning of the 'width' and
'height' attributes.
2018-02-14 20:41:04 +01:00
Norman Feske
8aa1e349fc terminal session: propagate resize events
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
2018-02-14 20:41:03 +01:00
Martin Stein
abf9557bb5 AVL node/tree: make non-copyable
AVL trees can't be copied with the default copy constructor as the
parent pointer of the first item of both of the resulting trees would
point to the original tree. Copying an AVL node, however, generally
violates the integrity of the corresponding tree. The copy constructor
of Avl_tree is used in some places but in those places it can be
replaced easily. So, this commit deletes the copy constructor of
Avl_node_base which makes Avl_node and Avl_tree non-copyable.

Issue #2654
2018-02-09 13:34:23 +01:00
Martin Stein
4e9ff5ad7b trace_subject_reporter: fix missing include
Issue #2654
2018-02-09 13:34:23 +01:00
Stefan Kalkowski
7ba6297988 clipboard: handle focus at startup
Fixes #2667
2018-02-09 13:34:22 +01:00
Martin Stein
ccc67d6f68 trace_logger: convenient tracing frontend
The 'trace_logger' component can be used to easily gather, process and export
different types of tracing data. Which subjects to select is configurable via
session label policies and thread names. Which data to collect from the
selected subjects can be configured for each subject individually, for groups
of subjects, or for all subjects. The gathered data can be exported as log
output.

This is an example configuration of the 'trace_logger' component which shows
the default value for each attribute except the policy.thread and
policy.label:

! <config verbose="no"
!         session_ram="10M"
!         session_arg_buffer="4K"
!         session_parent_levels="0"
!         period_sec="5"
!         activity="no"
!         affinity="no"
!         default_policy="null"
!         default_buffer="4K">
!
!    <policy label="init -> timer" />
!    <policy label_suffix=" -> ram_fs" />
!    <policy label_prefix="init -> encryption -> "
!            thread="worker"
!            buffer="4K"
!            policy="null" />
! </config>

For more details see os/src/app/trace_logger/README.

Fixes #2654
2018-02-09 13:34:20 +01:00
Martin Stein
3e6d1b96e7 trace/policy/rpc_name: enable building again
Building this policy was disabled by a REQUIRES = riscv_toolchain_bugfix
to prevent compiler crashes on nightly test builds. Since the latest
RISCV toolchain update, test builds for RISCV crash at much more places
which makes this single work-around senseless.

Issue #2654
2018-02-09 13:34:20 +01:00
Martin Stein
ef1dee8bc6 init config.xsd: add ld_verbose attribute
Issue #2654
2018-02-09 13:34:19 +01:00
Alexander Boettcher
666f6c9ac4 ahci: enable pci config command memory access
Issue #2620
2018-02-09 13:34:18 +01:00
Alexander Boettcher
fcadbc9023 platform_drv: try enabling msi independent of gsi
value written in pci config space.

Issue #2620
2018-02-09 13:34:18 +01:00
Alexander Boettcher
336140c5f1 platform_drv: enable full access for pci bridges
Issue #2620
2018-02-09 13:34:18 +01:00
Norman Feske
cde8163770 os: make 'Buffered_xml' util publicly available
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
2018-02-09 13:34:17 +01:00
Norman Feske
faea43906f init test: conserve RAM in dummy app
This patch replaces the 'Heap' by a 'Sliced_heap' to avoid the
allocation of a 16 KiB memory block when 'dummy' acts as a server. On
seL4, such an allocation would exceed the 1M quota as assigned by the
init.run script.
2018-02-09 13:34:17 +01:00
Josef Söntgen
fe6f616cf1 nit_fb: add attribute for initial dimensions
The 'initial_width' and 'initial_height' attributes were added to
accomodate the use-case to set the initial dimensions whenever 'nit_fb'
is used in a dynamic fashion, e.g, in combination with a window manager.
These attributes may not be mixed with the 'width' and 'height'
attributes, which are mostly used when a static size configuration is
desired.
2018-02-09 13:34:16 +01:00
Martin Stein
6575df84c5 nic_router: fix use of outdated ARP-cache entries
When a NIC session is destructed at the router, we have to remove all ARP
cache entries that match the MAC address of that session. Otherwise the
outdated entries might be re-applied later, leading to wrong destination
MAC addresses in routed packets.

Fixes #2637
2018-02-09 13:34:16 +01:00
Norman Feske
e9b9f684ef os: reduce log noise by trace-info apps 2018-02-09 13:34:16 +01:00
Norman Feske
4619e2e84c init: new label_last attribute for session routes
Fixes #2647
2018-02-09 13:34:15 +01:00
Norman Feske
8fca8a9a04 nitpicker: refresh when focused client disappears
This fix handles the case where the focused domain loses its focus
because the currently focused client vanishes. In this case, the focus
will be undefined and the non-focused views of the domain become
tinted again. The refresh should take effect immediately as soon as the
client vanishes.
2018-02-09 13:34:13 +01:00
Norman Feske
e0e9b3b32e init: close all sessions of exited children
With this patch, init responds to the exit of a child by closing all
sessions of the child. E.g., if a child is a GUI application, its
nitpicker session is closed at the time of exit, not at the time when
the start node disappears from init's configuration.

Since this change requires a modification of the 'Genode::Child' class,
it takes the chance to make the child-destruction less brutal. The
new version ensures that all threads of the destructed subsystem are
destructed before other sessions, in particular PD sessions. This
eliminates spurious page-fault warnings during the child destruction.

On Fiasco.OC, closing the CPU session of a thread while being called by
the thread causes a deadlock. Hence, we skip the eager destruction of
CPU sessions on this kernel.

Related to issue #2659
2018-02-09 13:31:27 +01:00
Alexander Boettcher
df26dc07e9 trace_subject_reporter: adjust ram usage
to trace connection

Issue #2638
2018-02-09 13:26:02 +01:00
Alexander Boettcher
7c0894159f top: consider dead thread with execution time
which executed in the current measurement period but are now dead.
Keep the Entry object up to next period, where the recent_execution_time will
become 0 since it will not execute definitely.

Issue #2638
2018-02-09 13:26:02 +01:00
Alexander Boettcher
2a0f940bd7 top: adapt to ram usage of trace connection
Issue #2638
2018-02-09 13:26:02 +01:00
Martin Stein
1936667a53 test/xml_node: test Xml_node::decoded_content
Issue #2644
2018-02-09 13:26:01 +01:00
Josef Söntgen
fb1c504568 gpu: the Intel multiplexer is only for x86_64
Require x86_64 because memory/adress space limitations on x86_32
restrict the use-cases on such a platform anyway. Doing that,
we can also assume that memory adresses are always 64bit long and
do not have to handle 32bit adresses.
2018-01-17 12:14:43 +01:00
Martin Stein
8844c57254 net-stat: remove as it is not used and outdated
According to the creator of the net-stat lib, this lib was a mere debugging
tool that is not used anymore nor worth the work of updating the it to
modern Genode coding paradigms. Also, there exist no tests for the lib.
2018-01-17 12:14:42 +01:00
Martin Stein
f4a2d932e3 net: check packet data size in accessor
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).

Issue #465
2018-01-17 12:14:41 +01:00
Sebastian Sumpf
89a9e88a7e vfs: GNU long file name support for tar 2018-01-17 12:14:41 +01:00
Christian Helmuth
2b711f59ed nit_fb: fix resizing on framebuffer-mode change
Respect relative width/height configuration if the underlying
framebuffer dimensions change.
2018-01-17 12:14:40 +01:00
Norman Feske
95a2fc7167 os: component to reflect ROMs as reports 2018-01-17 12:14:37 +01:00
Norman Feske
eba9c15746 Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:

* A class with virtual functions can no longer publicly inherit base
  classed without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Issue #465
2018-01-17 12:14:35 +01:00
Martin Stein
226c4a475b nic_router: do not warn on sending to empty domain
The warning "no interface connected to domain" was introduced when only one NIC
session at a time could be connected to a domain. It should help to track
packet drops that were caused by startup timing issues between servers and
clients. However, a user should watch the "NIC sessions" value of a domain
(verbose_domain_state) instead when debugging packet loss. With support for
multiple sessions per domain, even a non-empty domain may still miss the
session that connects the desired server.

Fix #2629
2018-01-17 12:14:33 +01:00
Martin Stein
57bfd09328 nic_router: no memcpy on self-written packets
Previously, all packets that the router wanted to sent were first prepared to
their final state and then copied at once into the packet stream RAM. This is
fine for packets that the router only passes through with modifying merely
a few values. But for packets that the router writes from scratch on its own,
it is better to compose the packet directly in the packet stream RAM.

Fix #2626
2017-12-22 11:43:39 +01:00
Martin Stein
b6991f9c03 nic_router: send with individual composing functor
Normally, Interface::send always takes the base and size of the RAM region
where a packet was composed and copies this finished packet at once into the
packet stream RAM. But we want to be able to also compose packets directly in
the packet stream RAM, so that no memcpy is needed. Thus, Interface::send now
takes a functor that describes how to compose the packet, then allocates the
packet stream RAM and applies the functor to this RAM. there is also a version
of Interface::send that provides the old behavior but with the new back end.
This way, we stay backwards-compatible.

Issue #2626
2017-12-22 11:43:39 +01:00
Martin Stein
4c76a87fec nic_router: explanatory comment about link objects
Issue #2609
2017-12-22 11:43:39 +01:00
Martin Stein
b0e155d316 nic_router: fix available IP count in DHCP server 2017-12-21 15:01:55 +01:00
Martin Stein
d6d0bcd960 nic_router: no Arp_packet constructor when sending
When composing an ARP packet for sending, it's pointless to use the Arp_packet
constructor as the constructor only checks whether the packet is malformed.

Issue #2618
2017-12-21 15:01:55 +01:00
Martin Stein
1cae5ec8f6 nic_router: handle all "No_X_packet" exceptions
Issue #2618
2017-12-21 15:01:55 +01:00
Martin Stein
edf1f9d849 nic_router: report some useful information
The NIC router can now be configured to periodically send reports.
Configuration example (shows default values):

<config>
	<report interval_sec="5" bytes="yes" config="yes">
</config>

If the 'report' tag is not available, no reports are send.
The attributes of the 'report' tag:

'bytes'        : Boolean : Whether to report sent bytes and received bytes per
                           domain
'config'       : Boolean : Whether to report ipv4 interface and gateway per
                           domain
'interval_sec' : 1..3600 : Interval of sending reports in seconds

Issue #2614
2017-12-21 15:01:54 +01:00
Martin Stein
869297a672 nic_router: avoid "close" where we mean "dissolve"
In the context of link state objects we often used the term "close" were we
actually meant "dissolve". The term "close" originated from the TCP connection
state and is still used in TCP links in the correct manner.

Issue #2609
2017-12-21 15:01:54 +01:00
Martin Stein
859a5fd208 nic_router: simplify Interface::_new_link
Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
4927a6f679 nic_router: multiple interfaces at one domain
Act as hub for the interfaces at a domain. This also changes the roles of the
Domain and Interface classes. By now the Interface held the data structures for
the ARP cache, foreign ARP waiters, and the searchtrees for layer 3 links. All
these structures have moved to the Domain while the memory allocations and
lifetime management for the contents of these structures still come from from
the according Interface object. The mentioned data structures were also adapted
to fit the fact that they now may maintain objects of different interfaces.

Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
f524fb8e61 nic_router: support domain-local IPv4
If an IPv4 packet targets an IP local to the domain it comes from and doesn't
target the routers IP of that domain, forward it to all other interfaces of
the domain without considering any other routing.

Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
b63d83e6a3 nic_router: get rid of Interface::print
Actually interfaces have no own human-readable identifier. They shall instead
use the print functionality of their domain.

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
0a77987778 nic_router: support domain-local ARP
Improve ARP handling code in general:
Make the several cases and their handling more clear by using a more
readable if/else statement structure. Drop gratuitous ARP requests.

Domain-local ARP:
Handle ARP packets that target local IPs other than the routers IP
(forward them to all other interfaces of the domain).

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
bfddad17a3 nic_router: avoid use of old term "IP allocation"
IP allocations were renamed DHCP allocations without fixing the according
places in log messages and comments. This commit rectifies this omission.

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
54532b99f9 nic_router: don't use color codes in log
Issue #2609
2017-12-21 15:01:51 +01:00
Emery Hemingway
ed89f2f7f0 Add millisecond accessor to Genode::Duration value object
Add a 'trunc_to_plain_ms' method to Gende::Duration to make
millisecond-accurate timing safer and more convenient.

Ref #2335
2017-12-21 15:01:51 +01:00
Josef Söntgen
6b89eaaf79 mixer: handle config verbosity update 2017-12-21 15:01:49 +01:00
Norman Feske
e23fc5a1fc init: refine verbosity handling
This patch makes service-announce messages depend on the configured
verbosity. It also omits "parent provides" title messages if no new
parent services are added during a config update.
2017-12-21 15:01:48 +01:00
Norman Feske
30f96657f1 rom_filter: make verbosity configurable 2017-12-21 15:01:48 +01:00
Norman Feske
48132c9ca3 fs_rom: remove debug message 2017-12-21 15:01:48 +01:00
Norman Feske
e4bb85b4de fs_rom: style (avoid Genode:: prefix) 2017-12-21 15:01:48 +01:00
Alexander Boettcher
892f51ab1c os: add app to transform kernel/core output to LOG
Issue #2207
2017-12-21 15:01:48 +01:00
Norman Feske
9f140ab843 chroot: adjust license header to AGPLv3 2017-12-21 15:01:46 +01:00
Emery Hemingway
4d9037d112 Hard-link loop detection for VFS tar file-system
Detect loops by walking hard-links at two different speeds and checking
for lapping. Tar link walking is no longer a recursive procedure.

Caught a loop created by GNU tar 1.29.

Fix #2611
2017-12-21 15:01:45 +01:00
Martin Stein
4dd69b1d5a nic_router: do not warn when using default values
Issue  #2590
2017-12-21 15:01:44 +01:00
Alexander Boettcher
c5f59ddfb1 signal.run: avoid deadlock during test destruction 2017-12-21 15:01:40 +01:00
Martin Stein
9c0bd03363 nic_router: no DHCP fail on unexpected DISCOVER
If a client decides to spontaneously send a DHCP DISCOVER again, even though
he has received a still valid IP config from the router, we don't want to
discard the DISCOVER like it was done before but discard the IP config
assignment and offer a new one.

Issue #2534
2017-12-21 15:01:38 +01:00
Martin Stein
70c5c31ec9 nic_router: better warnings on bad DHCP requests
Be more descriptive about why the NIC router thinks that a DHCP request
sent to him is bad.

Issue #2534
2017-12-21 15:01:38 +01:00
Sebastian Sumpf
8808b99cc5 vfs: remove session ram quota checks
The first client that creates a session, has to pay for possibly large
vfs plugin allocations (e.g., rump), which should be payed for by the
server.
2017-12-21 15:01:37 +01:00
Martin Stein
c3853494c8 nic_router: domain-state-verbose flag
When this flag is set in the config tag, the NIC router will print a
short information to the log for each general state change of a domain.
This includes currently the IP-configuration state and the number of
connected NIC sessions. This a useful addition as the normal verbose
flag's purpose is a very deep insight into almost every activity in the
router, which is cool for debugging sophisticated problems but normally
floods the log and therefore discards this option for, e.g., desktop
systems. In such systems, the new verbosity is pretty discreet but
already gives a good hint on why packets may get dropped by the router
although the routing rules are correct.

Issue #2534
2017-12-21 15:01:37 +01:00
Martin Stein
fc7999a62a nic_router: add config schema
Fix #2600
2017-12-21 15:01:37 +01:00
Martin Stein
b8d8bc3142 nic_router: do not route to domains w/o IP config
Ref #2534
2017-12-21 15:01:37 +01:00
Martin Stein
fb2398dbf2 run: target-specific config schemata
The run tool now by default checks configurations with target-specific
XML schemata. Each component may define a config schema file in its
target.mk via the CONFIG_XSD variable. When the run tool has checked an
configuration of an init instance, it additionally goes through the
start nodes of the config. For each start node it checks whether there
is an XSD file that matches. If so, the run tool also checks the config
of the start node (if existant). This is done recursively. I.e., also
the child configs of a sub-init of a sub-init of the top-level init
receive a config check.

Issue #2600
2017-12-21 15:01:36 +01:00
Martin Stein
3cdcb528ff nic_router: advanced timeout configuration
Replace former rtt_sec attribute of the <config> tag by more specific
(and still optional) attributes for timeouts used in the NIC router
(these are also the default values):

<config dhcp_discover_timeout_sec="10"
        dhcp_request_timeout_sec="10"
        dhcp_offer_timeout_sec="10"
        udp_idle_timeout_sec="30"
        tcp_idle_timeout_sec="600"
        tcp_max_segm_lifetime_sec="30">

Details about the new attributes can be found in the README of the router.

Issue #2590
2017-12-21 15:01:32 +01:00
Martin Stein
564e6a6885 nic_router: read seconds attributes generic
Issue #2590
2017-11-30 16:58:49 +01:00
Christian Prochaska
425d18e866 pointer: strip the last label element when matching labels
Issue #2585
2017-11-30 11:23:22 +01:00
Christian Prochaska
72dec21d8f pointer: fix visibility flag handling
Issue #2585
2017-11-30 11:23:22 +01:00
Christian Prochaska
dd98bd67a0 pointer: custom pointer shape support
Make the revised 'vbox_pointer' component the new 'pointer' component.

Fixes #2585
2017-11-30 11:23:22 +01:00
Christian Helmuth
f710e10206 fs_rom: log permission-denied errors 2017-11-30 11:23:21 +01:00
Christian Helmuth
1556300ea6 vfs: close directory handle in node destructor 2017-11-30 11:23:21 +01:00
Martin Stein
99ddaaa9d7 timer epit: fix multi-wraps and bug in rate limit
Multi-wraps
-----------

Previously, on every new timeout, we programmed registers LR=timeout and
CMP=0. The counter than counted from LR down to 0, triggered the IRQ,
jumped back to LR, and counted down again. If one installed small
timeouts (< 1000 us), it was likely that the counter wrapped multiple
times before we were able to read it out. Initially, this was not a big
issue as the additional wraps were simply ignored and the amount of time
lost through this was not big. But when we want to do correct rate
limitation, multiple wraps cause an overflow in the additional
calculations, and this has a big effect on the resulting time value.

Thus, we now program the counter to start from ~0 and count down to 0.
We set CMP=~0-timeout so that the timer still triggers the IRQ at the right
time. The counter continues counting down after the IRQ has triggered until
we install a new timeout. We do not consider anymore that the counter wraps.
The maximum timeout is set to half the maximum counter value, so, we should
be able to install a new timeout before the counter wraps.

Rate limit for time updates
---------------------------

In the time span between two interrupts we have to remember how many ticks
we have already added to the time value. This is because at each call of
curr_time we can only see how many ticks have passed since the last call of
schedule_timeout and not since the last call of curr_time. But we want to
limit the rate of time updates in curr_time. With the member for ticks that
were already added since the last call to schedule_timeout we can then
calculate how many are yet to be added.
2017-11-30 11:23:20 +01:00
Alexander Boettcher
057749a3a9 timeout.run: avoid variation caused by log message 2017-11-30 11:23:18 +01:00
Martin Stein
adfb1a77e2 timer/epit: remove unused code
* use correct/more modern types
* get rid of old code that was for the public use of the EPIT backend
* merge Epit_base into Time_source
2017-11-30 11:23:18 +01:00
Alexander Boettcher
c9bcce57e8 timer/epit: limit timeout rate
Limit rate to 1000 per second as it raises the throughput under stress
significantly without having an effect on the tested accuracy.

Issue #2579
2017-11-30 11:23:18 +01:00
Norman Feske
3ea960932e input_filter: support <include> in <remap> nodes 2017-11-30 11:23:15 +01:00
Norman Feske
e204b9532b rom_filter: allow use of input as attribute value 2017-11-30 11:23:15 +01:00
Norman Feske
f94f96c3ee nit_focus component that implements click-to-focus 2017-11-30 11:23:15 +01:00
Norman Feske
b05ad847b9 nitpicker: equip hover report with 'active' info
This patch supplements the existing 'hover' report with the information
whether or not the user has recently moved the pointer. This works
analogously to how the 'focus' report features the information about
recent button/keyboard activity.

Together, the 'hover' and 'focus' reports may be combined to observe
prolonged user inactivity, e.g. to activate a lock screen.
2017-11-30 11:23:14 +01:00
Norman Feske
544274feb9 nitpicker: respond to external focus policy
This patch enables nitpicker to use an external focus policy instead of
the traditional builtin click-to-focus policy. The external focus policy
is obtained from a 'focus' ROM. The focus ROM is expected to have a
'label' attribute with the value set to the label of the to-be focused
client.
2017-11-30 11:23:14 +01:00
Norman Feske
7ca56a62fd nitpicker: report last clicked-on client
The new report can be activated via the 'clicked' attribute of the
'<report>' configuration node.
2017-11-30 11:23:14 +01:00
Norman Feske
82e2900aa7 nitpicker: re-organize implementation
This patch revises the implementation of nitpicker in the following
respects:

- Split the implementation into smaller files,
- Consistently use the 'Nitpicker' namespace,
- Avoid the use of format strings,
- Retire old (and hackish) debug mode,
- Removal of unused timer connection,
- Merging 'Session' into 'Session_component',
- Merging 'Mode' into 'User_state',
- Adding the notions of 'View_owner' and 'Focus' as interfaces,
- Untangle 'User_state' and 'View_stack'
2017-11-30 11:23:14 +01:00
Alexander Boettcher
0a5dcc86ed platform_drv: separate acpi and system feature 2017-11-30 11:23:14 +01:00
Norman Feske
72f2ea349d init: forward RAM/cap quota session errors
This patch supplements init's service-forwarding mechanism to propagate
the insufficient RAM/cap quota conditions from the server to the client.
Without it, the client's session request stays pending infinitely.
2017-11-30 11:23:13 +01:00
Norman Feske
cda71e198f init: limit rate of periodic reports by 'delay_ms'
This is a follow-up patch to "init: periodic state updates if sensible".
In situations where the report rate is deliberately limited via the
'delay_ms' attribute while also reporting child-resource stats, we don't
want generate reports at a fixed rate of one second. This patch limits
the rate according to the 'delay_ms' value.
2017-11-30 11:23:12 +01:00
Norman Feske
d2c7cfa5fa input_filter: avoid closing input sessions
The input filter used to temporarily close all input sessions upon its
reconfiguration. In most cases, the same set of sessions is
re-established immediately afterwards. However, at the server (driver)
side, the closing of the session implicitly disables the input-event
queue. Hence events generated by the hardware while the session is
closed are dropped. This becomes a noticeable problem when using the
recently added <rom> modifier feature for handling capslock. The change
of the ROM always triggers the re-configuration of the input filter.
When pressing capslock and other keys at a high rate, press/release
events may get lost.

This patch solves this problem by maintaining all input sessions that
are defined in both the old and new configuration. It thereby removes
the short duration where the input event queues are temporarily disabled
at the drivers.
2017-11-30 11:23:12 +01:00
Christian Helmuth
12461291b8 Draw frame in framebuffer test
Issue #2555
2017-11-30 11:23:11 +01:00
Alexander Boettcher
5e4b523357 top: increase number of supported trace subjects
and print error if it may not be enough.
2017-11-30 11:23:10 +01:00
Sebastian Sumpf
9c852c750a vfs: handle root directory explicitly
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.

Fixes #2569
2017-11-30 11:23:10 +01:00
Christian Helmuth
66d5954fc5 Adapt stack size of threads in signal test
This fixes the warning "small stack of 3996 bytes [...] may break Linux
signal handling" on 32-bit base-linux.
2017-11-30 11:23:10 +01:00
Martin Stein
e87f63944f timeout: replace Duration operators by methods
void += (Microseconds) -> void add(Microseconds)
void += (Milliseconds) -> void add(Milliseconds)
bool < (Duration)      -> bool less_than(Duration)

Issue #2581
2017-11-30 11:23:09 +01:00
Martin Stein
26bcd439f7 timeout: fix bug in duration + duration testing
The += operator contained bugs. We now also do some tests on the Duration
type at the beginning of the timeout test.

Fixes #2581
2017-11-30 11:23:09 +01:00
Martin Stein
5d39acd3c3 timer: clamp one-shot timeouts to avoid overflow
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
f3dafbf5a6 nova: limit timeout rate in nova_timer_drv
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
59f97802a9 timer.run: provide more information if test fails
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
80778b267d timer: read PIT timer solely after interrupt
Stop gap solution until #2579 gets resolved.
2017-11-30 11:23:08 +01:00
Alexander Boettcher
2ba5f8f4f3 timer framework: use Time_source::curr_time()
Issue #2579
2017-11-30 11:23:08 +01:00
Norman Feske
f2a5648deb ps2_drv: respond to dynamic reconfiguration 2017-11-30 11:23:07 +01:00
Christian Prochaska
41b3d3abc1 init: make 'Server' class usable by external components
Issue #2574
2017-11-30 11:23:05 +01:00
Josef Söntgen
adb00d329f rom_filter: copy input node content to output node
Add suppport for copying the content of an 'input' node to the 'output'
node.

Issue #2558.
2017-11-30 11:23:04 +01:00
Josef Söntgen
f9c2e0e21c lx_block: add file based Block driver for Linux
Issue #2558.
2017-11-30 11:23:04 +01:00
Emery Hemingway
de5c0603f1 platform_drv: account session capabilities with a Cap_quota_guard
The platform driver is a critical component and must not allow sessions
to deplete its own resource quotas.

Fix #2576
2017-11-30 11:23:04 +01:00
Emery Hemingway
ca0c86e7af Enforce cap quotas at VFS server, increase initial File_system cap donation
Check at the VFS server that the capability cost of sessions do not
exceed the session quota donation. Raise the default initial capability
donation for File_system connections.

Fix #2553
2017-11-30 11:23:02 +01:00
Alexander Boettcher
9672329772 fb_boot_drv: evaluate fb pitch
Fixes #2555
2017-11-24 09:02:04 +01:00
Martin Stein
411601ebd1 input_filter: add missing virtual Source::~Source
Previously the destructors of classes derived from Source were not
called when destructing a Source because Source missed the declaration
of a virtual destructor. This caused at least problems when
reconstructing a Chargen_source with its Chargen_repeater that includes
a One_shot_timeout. In this case, the members of the Alarm behind the
timeout were not reset and the next time beeing used the Alarm appeared
to be still active which wasn't true.

Fixes #2570
2017-11-24 09:02:03 +01:00
Norman Feske
26d4753a3c input_filter: accelerate relative motion events 2017-11-09 12:18:43 +01:00
Norman Feske
a6b29530e8 input_filter: scroll-wheel emulation
The new '<button-scroll>' filter generates artificial wheel events from
relative motion events when the user holds a magic button.
2017-11-09 12:18:42 +01:00
Norman Feske
7b4ef66d91 nitpicker: update focus report after reconfig
A new configuration may implicitly change the domain color of the
currently focused session. We need to refresh the report to trigger an
update of the status bar.
2017-11-09 12:18:42 +01:00
Norman Feske
27c9e5c6e8 os: generalize xray trigger component
This commit replaces the old xray_trigger component by a new component
called global_keys_handler. For details, please refer to the issue text
and the accompanied README file.

Fixes #2554
2017-11-09 12:18:42 +01:00
Emery Hemingway
97c5e21ed6 server/vfs: do not append '/' to directory paths
Fix #2544
2017-11-09 12:18:05 +01:00
Alexander Boettcher
c1493b2ed2 usb: avoid pagefault during session destruction
due to pointer to object allocated in context of the session object.

Fixes #2565
2017-11-09 12:18:05 +01:00
Alexander Boettcher
03ae78173b platform_drv: free up dataspaces on session close
Fixes #2564
2017-11-09 12:18:05 +01:00
Norman Feske
4eebd140b0 nitpicker: report current key state
Fixes #2552
2017-11-09 12:18:05 +01:00
Christian Prochaska
547cc06976 ram_fs: throw exception when unlinked node gets accessed
Fixes #2536
2017-11-09 12:18:05 +01:00
Josef Söntgen
eae0445cd8 init: generate a state report when children exit
Whenever a childs is terminated the exit value is propagate through a
new state report. Thereby it becomes possibly for a managing component
to react upon the terminating condition of a child.

Issue #2558.
2017-11-06 13:57:24 +01:00
Martin Stein
b2ea164c76 nic_router: fix bugs in DHCP client functionality
Ref #2560
2017-11-06 13:57:24 +01:00
Martin Stein
db6a2419f2 nic_dump: fix bug in packet log
Ref #2560
2017-11-06 13:57:24 +01:00
Martin Stein
9d84d8b3bd nic_router: rename and move Ip_allocation
Rename Ip_allocation Dhcp_allocation and move it to dhcp_server.* .

Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
127ceaccb5 nic_router: move Dhcp_server to extra header/unit
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
5e227f9ff1 nic_router: minor style fixes
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
db9d4d3a3c nic_router: DHCP client functionality
If the attribute 'interface' is not set in a 'domain' tag, the router tries to
dynamically receive and maintain an IP configuration for that domain by using
DHCP in the client role at all interfaces that connect to the domain. In the
DHCP discover phase, the router simply chooses the first DHCP offer that
arrives. So, no comparison of different DHCP offers is done. In the DHCP
request phase, the server is expected to provide an IP address, a gateway, a
subnet mask, and an IP lease time to the router. If anything substantial goes
wrong during a DHCP exchange, the router discards the outcome of the exchange
and goes back to the DHCP discover phase. At any time where there is no valid
IP configuration present at a domain, the domain does only act as DHCP client
and all other router functionality is disabled for the domain. A domain cannot
act as DHCP client and DHCP server at once. So, a 'domain' tag must either
have an 'interface' attribute or must not contain a 'dhcp-server' tag.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
3560555acc nic_router: encapsulate IPv4 peer config in class
An IPv4 config (for a domain/interface of the router) consists of
an IPv4 address, a subnet prefix specifier, an optional gateway
IPv4 address, and some flags that declare whether these fields and
the config as a whole are valid. To make the handling of those
tightly connected values easier and less error prone, we encapsulate
them in a new class.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
615878bb05 init: periodic state updates if sensible
Under certain circumstances we don't want inits state report to become too
outdated even if there is no change to its config or the sessions of its
children. This is the case if init is requested to provide a capability or RAM
info of it's children via its state report. Now, init automatically updates
the state report with each 1000 ms if the attribute 'child_caps' or
'child_ram' is positively set in the 'report' tag.
2017-11-06 13:57:21 +01:00
Norman Feske
189c5fa628 input_filter: improve capslock handling
Furthermore, the patch reduces the noise in the log produced by
false-positive error messages that are actually warnings.

Fixes #2548
2017-11-06 13:57:20 +01:00
Norman Feske
a0a7d5d165 ps2_drv: drive mode indicator LEDs
The new feature is demonstrated by the input.run script. It uses a
dynamic ROM service to toggle the keyboard LEDs at different intervals.

Fixes #2546
2017-11-06 13:57:20 +01:00
Christian Helmuth
73f1fa9a1f ahci: log vendor/device IDs as hex 2017-11-06 13:57:19 +01:00
Martin Stein
2eef27fca4 timer test: raise tolerance at max trigger count
Timing itself costs time. Thus, the stressfull timeout phase of the
test is not exactly as long as set but a little bit longer. This is why the
fast timeouts are able to trigger more often than they are expected to
(the timer has a static timeout-rate limit). Normally we consider this effect
through an error tolerance of 10%. But at least on foc x86_32 (PIT with very
low max timeout), timing is so expensive that 10% is not enough. We have to
raise it to 11%.
2017-11-06 13:57:19 +01:00
Norman Feske
3a350b65a3 init: handle Service_denied for forwarded sessions
This patch propages the 'Service_denied' condition of forwarded sessions
to the parent. Without it, the invalid session request stays pending
infinitely, which leads to the problem described in issue #2542. It
turns out that suggested solution given in the issue text is actually
not needed when applying this fix.

Fixes #2542
2017-11-06 13:57:18 +01:00
Norman Feske
1ccd9a2fdb rom_filter: expand target buffer on demand
The ROM filter did not handle the situation where the generated content
exceeds the size of the initially allocated dataspace for the target
buffer. This patch wraps the XML generation in a retry loop that
expands the buffer as needed.
2017-11-06 13:57:18 +01:00
Norman Feske
f3988a27d4 nit_fb: support 'origin' attribute
This patch makes the specification of screen coordinates more flexible.
First, the 'origin' attribute allows one to refer to either of the four
screen corners without knowing the screen size. Second, the 'width'
and 'height' values now accept negative values, which are relative to
the screen size.
2017-11-06 13:57:18 +01:00
Christian Prochaska
e4fa8e8fcf vfs server: remove special case of rootdir handles
With this patch, the VFS server returns distinguishable IDs when opening
the root directory multiple times.
2017-10-19 13:31:15 +02:00
Martin Stein
5f65791962 nic_router: bad-protocol message only if verbose
This was an error output-line for each affected packet previously but it
is pretty normal for the router to receive packets whose network layer
protocol it doesn't know . In the default case, these packets shall be
ignored silently.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
03144093b3 nic_router: do link garbage collect on each packet
Previously, garbage collect was only done when an incoming packet passed the
Ethernet checks. Now it is really done first when receiving a packet at an
interface.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
215937ff0f nic_router: handle ARP requests for foreign IPs
If the router has no gateway attribute for a domain (means that the router
itself is the gateway), and it gets an ARP request for a foreign IP, it shall
answer with its own IP.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
ee88d4d2d5 nic_router: use same packet log-format as nic_dump
Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
e5b9a6cc8b nic_router: rework round-trip-time handling
Do not use two times the RTT for the lifetime of links but use it as
it is configured to simplify the usage of the router. Internally, use
Microseconds/Duration type instead of plain integers.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
71bd9a1f10 nic_dump: configurable packet print
The nic_dump uses a wrapper for all supported protocols that
takes a packet and a verbosity configuration. The wrapper object can
than be used as argument for a Genode log function and prints the
packet's contents according to the given configuration. The
configuration is a distinct class to enable the reuse of one instance
for different packets.

There are currently 4 possible configurations for each protocol:
* NONE          (no output for this protocol)
* SHORT         (only the protocol name)
* COMPACT       (the most important information densely packed)
* COMPREHENSIVE (all header information of this protocol)

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
3f269b773d nic_dump: use Duration instead of unsigned
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
97b1a22a8a nic_dump: measure time only if needed
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
6b4b662357 nic_router: fix for unknown transport protocols
Do not stop routing if the transport layer protocol is unknown but
continue with trying IP routing instead. The latter was already
done when no transport routing could be applied but for unknown transport
protocols we caught the exception at the wrong place.

Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
642254134e timer test: rate limiting and no starvation
No starvation of timeout signals
--------------------------------

Add several timeouts < 1ms to the stress test and check that timeout
handling doesn't become significantly unfair (starvation) in this situation
where some timeouts trigger nmuch faster than they get handled.

Rate limiting for timeout handling in timer
-------------------------------------------

Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
df71e02ef6 alarm: fix bug in _setup_alarm
We did not set the correct now_period previously but it wasn't conspicuous
because the bug triggered not before a full period had passed which on most
platforms is a pretty long time.

Ref #2490
2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00
Emery Hemingway
a67d24e509 import chroot from world repository
Fix #2529
2017-10-05 17:40:04 +02:00
Sebastian Sumpf
754d1bd4a3 usb_report_filter: check device ds
Make sure we actually can report devices on USB driver device updates.

related to #2527
2017-10-05 17:40:04 +02:00
Norman Feske
86656517e3 nitpicker: reset background if backdrop vanishes
Fixes #3
2017-10-05 17:40:03 +02:00
Martin Stein
3f37a12e2d timer connection: fix mixing of time sources
We update the alarm-scheduler time with results of
Timer::Connection::curr_time when we schedule new timeouts but when
handling the signal from the Timer server we updated the alarm-scheduler
time with the result of Timer::Connection::elapsed_us.  Mixing times
like this could cause a non-monotone time value in the alarm scheduler.
The alarm scheduler then thought that the time value wrapped and
triggered all timeouts immediately. The problem was fixed by always
using Timer::Connection::curr_time as time source.

Ref #2490
2017-10-05 17:40:02 +02:00
Alexander Boettcher
1cc09ac786 platform_drv: transfer of quota to device_pd
Issue #2507
2017-10-05 17:40:00 +02:00
Sebastian Sumpf
ff800af820 ahci: make port enumeration independent from port count
fixes #2522
2017-10-05 17:40:00 +02:00
Norman Feske
d9d32847b1 xray_trigger: make initial state configurable 2017-10-05 17:39:57 +02:00
Martin Stein
d62c3117de run/timeout: test if maximum timeouts trigger bugs
Create periodic and one-shot timeouts with the maximum duration
to see if triggers any corner-case bugs. They must not trigger during
the test.

Ref #2490
2017-10-05 17:39:57 +02:00
Martin Stein
8fd914c6ab timeout: fix outdated time in alarm scheduler
If we add an absolute timeout to the back-end alarm-scheduler we must first
call 'handle' at the scheduler to update its internal time value.
Otherwise, it might happen that we add a timeout who's deadline is so big that
it normally belongs to the next time-counter period but the scheduler thinks
that it belongs to the current period as its time is older than the one used
to calculate the deadline.

Ref #2490
2017-10-05 17:39:56 +02:00
Martin Stein
2633ff8661 alarm: fix information loss due to int-cast
When we have two time values of an unsigned integer type and we create
the difference and want to know wether it is positive or negative within
the same value we loose at least one half of the value range for casting
to signed integers. This was the case in the alarm scheduler when
checking wether an alarm already triggered. Even worse, we casted from
'unsigned long' to 'signed int' which caused further loss on at least
x86_64. Thus, big timeouts like ~0UL falsely triggered directly.

Now, we use an extra boolean value to remember in which period of the
time counter we are and to which period of the time counter the deadline
of an alarm belongs. This boolean switches its value each time the time
counter wraps. This way, we can avoid any casting by checking wether the
current time is of the same period as the deadline of the alarm that we
inspect. If so, the alarm is pending if "current time >= alarm
deadline", otherwise it is pending if "current time < alarm deadline".

Ref #2490
2017-10-05 17:39:56 +02:00
Martin Stein
4fa0cb5c29 timer pit: handle and display bad latency
If the PIT timer driver gets activated too slow (e.g. because of a bad priority
configuration), it might miss counter wraps and would than produce sudden time
jumps. The driver now detects this problem dynamically, warns about it and
adapts the affected values to avoid time jumps.

Ref #2400
2017-10-05 17:39:55 +02:00
Emery Hemingway
488396e78b server/vfs: status completes or throw Invalid_handle
The 'status' RPC method of the File_system session must complete
successfully or throw 'Invalid_handle' for any error.

Ref #2512
2017-10-05 17:39:55 +02:00
Martin Stein
82c763fe75 nic_router: provide link state
The NIC router always reports the link state "Up" (true) because
the effective link state depends on the targeted remote interface
and thus on the individual routing for each packet. Consequently,
also the signal handler for state changes gets ignored.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
a1e32a3ad9 nic_router: use local but individual MAC addresses
IP stacks may treat a network interface as "down" when it states a MAC
address with the I/G bit (bit 40) set to "Group" (value 0) instead of
"Individual" (value 1). This was observed with a TinyCore 8 inside a
Virtualbox VM. Thus, the previously choosen 03:03:03:03:03:00 as base
for the MAC address allocator is bad. Now we use the 02:02:02:02:02:00
instead. This also ensures that the MAC addresses are not marked as
"Universal" but as "Local" (bit 41, value 1) which is correct in general
as the router allocates MAC addresses only for virtual networks.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
b531a862bb nic_dump: link state and mac address
The NIC dump component didn't support forwarding of link states and link-state
signals until now. Furthermore, it now prints MAC address and link state
on session creation and on every link state change.

Ref #2490
2017-08-30 10:01:36 +02:00
Martin Stein
84ad50b527 nic_dump: synchronize down/uplink creation
Previously, the uplink session was created on component startup while the
creation of the downlink session is timed by the client component. This
created a time span in which packets from the uplink were dropped at the
nic_dump. Now the uplink session-request is done by the session component
of the downlink.

Ref #2490
2017-08-30 10:01:35 +02:00
Alexander Boettcher
4c382d85b2 sel4: adjust cap ram quota of fault_detection.run 2017-08-30 10:00:01 +02:00
Martin Stein
12eb7a44d0 x86 timeout test: consider instable tsc (quickfix)
This is a quickfix to avoid testing microseconds precise time on older x86
machines that have no invariant TSC as interpolation source.

Ref #2400
2017-08-30 10:00:01 +02:00
Josef Söntgen
198019edca os: add Gpu driver for Intel Gen8 HD graphics
This commit introduces a experimental 3D driver for Intel Gen8 HD
graphics devices as well as the corresponding Gpu session.

Fixes #2507.
2017-08-30 09:59:57 +02:00
Alexander Boettcher
830f6934f9 base: add support to unconstrain virtual space
Issue #2507.
2017-08-30 09:59:57 +02:00
Emery Hemingway
1fce8d0d74 default ahci_drv and part_blk Block sessions to read-only
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.

Fix #2469
2017-08-28 16:49:51 +02:00
Martin Stein
d9073a1848 timer/util: generic TIMER_MIN_TICKS_PER_MS
Ref #2400
2017-08-28 16:49:50 +02:00
Martin Stein
399e1586be timer: generic timer_ticks_to_us implementation
There are hardware timers whose frequency can't be expressed as
ticks-per-microsecond integer-value because only a ticks-per-millisecond
integer-value is precise enough. We don't want to use expensive
floating-point values here but nonetheless want to translate from ticks
to time with microseconds precision. Thus, we split the input in two and
translate both parts separately. This way, we can raise precision by
shifting the values to their optimal bit position. Afterwards, the results
are shifted back and merged together again.

As this algorithm is not so trivial anymore and used by at least three
timer drivers (base-hw/x86_64, base-hw/cortex_a9, timer/pit), move it to a
generic header to avoid redundancy.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
652187b25e timer pit: fix precision reduction to milliseconds
Due to the simplicity of the algorithm that translated from timer ticks
to time, we lost microseconds precision although the timer allows for it.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
02bbb2efaf test/timeout: use elapsed_us instead of elapsed_ms
Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
22294d3b18 timer connection: fix division by null
When synchronizing with the remote time source, we have to take care that the
measured time difference cannot become null because its real value is smaller
than the measurement granularity. Since the granularity is one microsecond, we
simply go on polling timestamp and time until the microsecond has passed.
This busy waiting should be no problem for the system for two reasons. First,
it is limited to a relatively small amount of time and second, a busy lock
does not happen because the time source that is responsible for the limiting
factor is explicitely called on each poll.

Ref #2400
2017-08-28 16:49:49 +02:00
Johannes Kliemann
c509cabdba os: fix fb_boot_drv framebuffer padding
Fixes #2486
2017-08-28 16:49:45 +02:00
Christian Prochaska
b0935ef9b2 VFS: nonblocking interface
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.

For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.

The most important changes are:

- Directories are created and opened with the 'opendir()' function and the
  directory entries are read with the recently introduced 'queue_read()'
  and 'complete_read()' functions.

- Symbolic links are created and opened with the 'openlink()' function and
  the link target is read with the 'queue_read()' and 'complete_read()'
  functions and written with the 'write()' function.

- The 'write()' function does not wait for signals anymore. This can have
  the effect that data written by a VFS library user has not been
  processed by a file system server yet when the library user asks for the
  size of the file or closes it (both done with RPC functions at the file
  system server). For this reason, a user of the VFS library should
  request synchronization before calling 'stat()' or 'close()'. To make
  sure that a file system server has processed all write request packets
  which a client submitted before the synchronization request,
  synchronization is now requested at the file system server with a
  synchronization packet instead of an RPC function. Because of this
  change, the synchronization interface of the VFS library is now split
  into 'queue_sync()' and 'complete_sync()' functions.

Fixes #2399
2017-08-28 16:49:38 +02:00
Norman Feske
a4b543bc80 init: avoid repeated config XML parsing 2017-08-28 16:49:37 +02:00
Norman Feske
bfbe5128cd tar_rom: minor documentation fix 2017-08-28 16:49:37 +02:00
Norman Feske
6184a27619 init: defer forwarded session requests when needed
This patch changes init's service forwarding such that pending requests
are kept unanswered as long as the requested service is not present
(yet). In dynamic-init scenarios, this is needed in situtions where the
dynamic init is known to eventually provide the service but the internal
subsystem is not ready yet. Previously, a client that attempted to
request a session in this early phase would get a 'Service_denied'
exception. By deferring the forwarding in this situation, the behaviour
becomes deterministic.

If a matching '<service>' exists but there is no matching policy sub
node, the request is answered with 'Service_denied' - as expected.
2017-08-28 16:49:37 +02:00
Martin Stein
c0c0d8c600 nic_router: error if uplink domain not configured
Ref #2490
2017-08-28 16:49:36 +02:00
Martin Stein
96c7f8d53f init: be aware of abandoned any-child routes
Previously, init did not test if a service is abandoned on a new
configuration if the service was routed via an any-child route.

Fixes #2483
2017-08-28 16:49:35 +02:00
Martin Stein
b6efa7f6f9 timer connection: fast initial calibration
The calibration of the interpolation parameters was previously only done
periodically every 500 ms. Together with the fact that the parameters
had to be stable for at least 3 calibration steps to enable
interpolation, it took at least 1.5 seconds after establishing a
connection to get microseconds-precise time values.

This is a problem for some drivers that directly start to poll time.
Thus, the timer connection now does a calibration burst as soon as it
switches to the modern mode (the mode with microseconds precision).
During this phase it does several (currently 9) calibration steps
without a delay inbetween. It is assumed that this is fast enough to not
get interrupted by scheduling. Thus, despite being small, the measured
values should be very stable which is why the burst should in most cases
be sufficient to get the interpolation initialized.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Alexander Boettcher
69e71147ef platform_drv: replace nova specific device_pd
by using generic Pd_session::map instead for eager memory mappings of DMA
memory.

Issue #2209
2017-08-18 10:24:47 +02:00
Emery Hemingway
5f35175644 app/sequence: execute components in sequence
Fix #2476
2017-08-18 10:24:46 +02:00
Emery Hemingway
ad6c94bb09 input_filter character mapping rules for the Workman layout
http://workmanlayout.org/

Fix #2473
2017-08-17 11:04:23 +02:00
Emery Hemingway
2deddf1e6d Check for symlink target length errors
Check for symlink length errors at the VFS library and the ram_fs and
vfs servers.

Fix #2462
2017-08-17 11:04:21 +02:00
Emery Hemingway
cfdac3f4c3 ram_fs: check symlink writes for termination bytes
Ref #2461
2017-08-17 11:04:21 +02:00
Alexander Boettcher
782b457476 wand_quad: re-enable i.MX6 EPIT user level timer
Issue #2451
2017-08-17 11:04:21 +02:00
Norman Feske
e31806d4e6 dde_rump: fix rump_iso test
The run script did not consider the routing for the environment ROM
sessions for the test-iso component. It routed all ROM sessions -
including the ones for the executable and the dynamic linker - to
fs_rom. The patch also adds the cap quota definitions required since
version 17.05 and fixes a whitespace inconsistency between the test
program and the run script.

Thanks to Steven Harp for reporting!
2017-08-17 11:04:20 +02:00
Christian Helmuth
e5f0dae598 terminal_log: carriage-return on newline
This is expected by hardware terminals, ie., terminal programs connected
to null-modem serial connections. Otherwise, the next line starts at the
column right after the last line.
2017-08-17 11:04:20 +02:00
Christian Helmuth
145011b420 sd_card_drv: prevent deprecated warnings 2017-08-17 11:04:18 +02:00
Alexander Boettcher
24875c0ea8 platform_drv: add report about available pci devices
Issue #1359
2017-08-17 10:59:44 +02:00
Norman Feske
7d12d7a78f fs_report.run: replace test with dedicated program
The new version of the test exercises the combination of fs_report with
ram_fs and fs_rom as a more flexible alternative to report_rom.

It covers two corner cases that remained unaddressed by fs_rom and
ram_fs so far: First, the late installation of a ROM-update signal
handler at fs_rom right before the content of the file is modified.
Second, the case where the requested file is not present on the file
system at the creation time of the ROM session. Here, the ram_fs missed
to inform listeners for the compound directory about the later created
file.
2017-08-17 10:59:43 +02:00
Norman Feske
d649451c3d fs_rom: trigger deferred ROM-update signal
This patch ensures that fs_rom delivers a ROM-update notification in the
case where the underlying file was changed in-between requesting the
initial ROM content and registering the signal handler.
2017-08-17 10:59:43 +02:00
Norman Feske
bfcdab6079 fs_rom: make read-packet handling more robust
With the introduction of the CONTENT_CHANGED notifications delivered via
the packet stream, the assumption that no more than one READ packet is
in flight at all times does no longer hold. If the fs server responds
to a CONTENT_CHANGED packet while the fs_rom expects the completion of a
read request, the '_update_dataspace' method would prematurely return,
leaving the dataspace unpopulated. This patch solves the problem by
specifically waiting for the completion of the read request.
2017-08-17 10:59:43 +02:00
Norman Feske
0b580628cf file system: track content via version counter
This makes the delivery of CONTENT_CHANGED responses more robust.
2017-08-17 10:59:43 +02:00
Christian Prochaska
6a43f3c11a file system: use Id_space instead of Node_handle_registry
Fixes #2436
2017-08-17 10:59:43 +02:00
Martin Stein
8d2ee6d040 timer okl4: remove deprecated const_cast
Ref #2400
2017-06-29 12:00:00 +02:00
Martin Stein
61f59818d3 pit/fiasco timeout: raise time error tolerance
On platforms that use the PIT timer driver, 'elapsed_ms' is pretty
inprecise/unsteady (up to 3 ms deviation) for a reason that is not
clearly determined yet. On Fiasco and Fiasco.OC, that use kernel timing,
it is the same. So, on these platforms, our locally interpolated time
seems to be fine but the reference time is bad. Until this is fixed, we
raise the error tolerance for these platforms in the run script.

Ref #2400
2017-06-29 11:59:59 +02:00
Christian Helmuth
82af06a42a sd_card: enable wand_quad/imx6 again 2017-06-29 11:59:58 +02:00
Christian Helmuth
ad824cea11 sd_card: cleanup driver library structure
Now both, the sd_card_drv and sd_card_bench use LIBS=sd_card_drv.
2017-06-29 11:59:58 +02:00
Emery Hemingway
73eb7a52a0 server/fs_report: do not append '.report to file names
Appending a suffix to report filenames was behavior inherited from
fs_log, it prevents creating files where directories need to be created
later. But unlike logs, only a subset of the hierarchy will report and
those that do append a component-local label, so the risk of collision
is low.

By removing the suffix fs_rom can serve reports back as ROM just as
report_rom does.

Ref #2422
2017-06-29 11:59:56 +02:00
Martin Stein
9b1c26ab7f timeout lib: dynamic interpolation-factor shift
In the timeout framework, we maintain a translation factor value to
translate between time and timestamps. To raise precision we scale-up
the factor when we calculate it and scale-down the result of its
appliance later again. This up and down scaling is achieved through
left and right shifting. Until now, the shift width was statically
choosen. However, some platforms need a big shift width and others a
smaller one. The one static shift width couldn't cover all platforms
which caused overflows or precision problems.

Now, the shift width is choosen optimally for the actual translation
factor each time it gets re-calculated. This way, we can take care that
the shift always renders the best precision level without the risk for
overflows.

Ref #2400
2017-06-29 11:59:54 +02:00
Martin Stein
99d971f348 timeout test: result buffer as struct
The result-buffer related members of the fast polling test are
the same for each buffered result type. Thus, we can make the
code easier by providing them through a struct.

Ref #2400
2017-06-29 11:59:53 +02:00
Norman Feske
5566aa0f94 bomb test: consider preserved PD session quota
This is an adaptation to the commit "core: prevent transfer of static PD
session quota".
2017-06-29 11:59:52 +02:00
Johannes Kliemann
1205607e78 os: add framebuffer based on platform_info of core
Issue #2242
2017-06-29 11:59:51 +02:00
Alexander Boettcher
04b2919a1a acpi_drv: use platform_info for rsdt/xsdt lookup
Issue #2242
2017-06-29 11:59:50 +02:00
Martin Stein
5fec4a2166 timeout test: raise error tolerance on nova + qemu
On QEMU, NOVA uses the pretty unstable TSC emulation as primary time
source. Thus, timeouts do not trigger with the common precision (< 50
ms). Use an error tolerance of 200 ms for this platform constellation.

Ref #2400
2017-06-29 11:59:49 +02:00
Martin Stein
745fa4fd67 timeout test: improve documentation
Ref #2400
2017-06-19 12:35:56 +02:00
Martin Stein
71fd2b4cde timeout test: consider time shift between sessions
The fast polling test uses one timer session for raw 'elapsed_ms' calls
and another one for potentially interpolated 'curr_time' calls. It then
compares the two results against each other. However, until now, the
test did not consider that the duration of the session construction may
create a remarkable shift between the local times of the two sessions.
This shift is now determined and compensated before doing any
comparison.

Ref #2400
2017-06-19 12:35:56 +02:00
Christian Helmuth
c16288bcde timer/foc: use current KIP-clock API
This prevents L4_DEPRECATED warnings.
2017-06-19 12:35:55 +02:00
Martin Stein
1ea745ca2e signal test: do not test multiple handlers
The multiple-handlers test was checking if handlers at one signal were
activated in a fair manner. But on Qemu, the error tolerance of one was
too small in rare cases (2 of 100 runs). However, having multiple
handlers for the same signal context can be considered deprecated
anyway. With the recommended Signal_handler wrapper for signal sessions,
you can't use this feature. Thus, we removed the multiple-handlers test.

Fixes #2450
2017-06-19 12:35:55 +02:00
Christian Prochaska
a1b1525ec1 lx_fs: handle errors on mkdir correctly
Fixes #2444
2017-06-19 12:35:55 +02:00
Emery Hemingway
47c616ab94 server/fs_report: write reports to file-systems
Fix #2422
2017-06-19 12:35:54 +02:00
Emery Hemingway
1838fb4773 vfs/ram: check parent directory on file creation
Fix #2443
2017-06-12 12:44:23 +02:00
Alexander Boettcher
0523736ce4 acpi: limit device scope paths
Fixes #2371
2017-06-08 11:32:39 +02:00
Martin Stein
b8e2253e5f timeout: fix bug in interpolation
We incorrectly used 'unsigned long' (which is 32 or 64 bit depending on
the CPU architecture) for a timestamp (which is always 64 bit) in the
timer-connection implementation.

Ref #2435
2017-06-06 13:01:43 +02:00
Martin Stein
23337eb6e7 run/timeout: run also on arm w/o hw and qemu
On platforms were we do not have local time interpolation we can simply
skip the first test stage in the timeout test. This way, we can at least
test the rest.

Fixes #2435
2017-05-31 17:50:28 +02:00
Martin Stein
685f509a43 timer connection: no interpolation on arm w/o hw
On ARM, we do not have a component-local hardware time-source. The ARM
performance counter has no reliable frequency as the ARM idle command
halts the counter. Thus, we do not do local time interpolation on ARM.
Except we're on the HW kernel. In this case we can read out the kernel
time instead.

Ref #2435
2017-05-31 17:50:28 +02:00
Christian Prochaska
697f179e21 ram_fs: acknowledge packet in error case
Fixes #2434
2017-05-31 13:16:24 +02:00
Christian Helmuth
8bd0efced6 Remove obsolete RAM/CAP services from run scripts
Adapted launchpad and also the rm_fault and resource_request tests.

Issue #2407
2017-05-31 13:16:22 +02:00
Stefan Kalkowski
632ef28463 os: removal of deprecated os/config.h (fix #2431) 2017-05-31 13:16:22 +02:00
Emery Hemingway
16be05e530 Optional session label for Rtc connection constructor
Ref #2410
2017-05-31 13:16:22 +02:00
Christian Helmuth
febfb3bfe6 Fix source file location in RPi GPIO driver
The explicit relative location of the file instructed both target builds
to generate ../main.o which gloriously fails with parallel builds. The
produced range of error messages was astonishing ranging from "file
truncated" to "TLS reference in ../main.o mismatches non-TLS reference
in ../main.o".
2017-05-31 13:16:21 +02:00
Christian Helmuth
3c785a4ffb init: use service name from session class
Fixes issue with RAM constrains no longer effective.
2017-05-31 13:16:21 +02:00
Christian Helmuth
b37f411c3f ahci: optionally report discovered devices
Issue #2417
2017-05-31 13:16:20 +02:00
Christian Prochaska
16deaa9a72 timed_semaphore: fix deprecated warning
Fixes #2429
2017-05-31 13:16:19 +02:00
Emery Hemingway
25ec021fee server/vfs: ignore invalid handles at close()
Ref #2410
2017-05-31 13:16:18 +02:00
Christian Helmuth
923b3ec54d part_blk: prevent deprecated warning 2017-05-31 13:16:18 +02:00
Boris Mulder
d094ff995f part_blk: added optional partitions report 2017-05-31 13:16:16 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
3fc2a798b2 init: heuristics for DMA buffer allocations
If a child is allowed to constrain physical memory allocations but left
the 'phys_start' and 'phys_size' session arguments blank, init applies
builtin constraints for allocating DMA buffers.

The only component that makes use of the physical-memory constraint
feature is the platform driver. Since the built-in heuristics are
applied to the platform driver's environment RAM session, all
allocations performed by the platform driver satisfy the DMA
constraints.

To justify building-in these heuristics into init as opposed to
supplying the values as configuration arguments, the values differ
between 32 and 64 bit. The configuration approach would raise the need
to differentiate init configurations for both cases, which are
completely identical otherwise.

Issue #2407
2017-05-31 13:16:13 +02:00
Alexander Boettcher
420b66a1f0 platform_drv: remove usage of ram_connection
This commit removes support for limitation of RAM allocations from the
platform_drv. A subsequent commit adds this feature to init.

Issue #2398
Issue #2407
2017-05-31 13:16:13 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Christian Helmuth
fd893a4f9b part_blk: support CHS and LBA extended partitions
Issue #1576
2017-05-31 13:16:10 +02:00
Stefan Kalkowski
9b350e7706 os: move private declarations to driver target
Ref #2403
2017-05-31 13:16:09 +02:00
Emery Hemingway
eaeb77a867 drivers/nic/linux: replace Thread_deprecated
Ref #1987
2017-05-31 13:16:09 +02:00
Stefan Kalkowski
10e2e223cd foc: remove obsolete features (ref #2405)
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
2017-05-31 13:16:08 +02:00
Christian Helmuth
24a0810cbc trace: disable out-of-metadata test step 2017-05-31 13:16:08 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
aea5d03691 base: add Child_policy::Route::Diag flag
The 'diag' flag can be defined by a target node of a route in init's
configuration. It is propagated as session argument to the server, which
may evaluate the flag to enable diagnostic output for the corresponding
session.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
f02c8328db init: access Ram_session as const
This is now possible because the new 'used_ram' and 'ram_quota' RPC
functions are declared as const.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
5a468919bb base: new session-creation helper types
This patch augments the existing session/session.h with useful types for
the session creation:

* The new 'Insufficient_ram_quota' and 'Insufficient_cap_quota'
  exceptions are meant to supersede the old 'Quota_exceeded' exception
  of the 'Parent' and 'Root' interfaces.

* The 'Session::Resources' struct subsumes the information about the
  session quota provided by the client.

* The boolean 'Session::Diag' type will allow sessions to operate in a
  diagnostic mode.

* The existing 'Session_label' is not also available under the alias
  'Session::Label'.

* A few helper functions ease the extraction of typed session arguments
  from the session-argument string.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Emery Hemingway
f7d80a9bf9 drivers/ahci: clean exit when no controllers are found
Fix #2402
2017-05-31 13:16:02 +02:00
Christian Helmuth
1828f70037 Fix deprecated warnings in servers
Issue #1987
2017-05-31 13:16:02 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Emery Hemingway
29b3fff5eb app/rom_to_file: catch Node_already_exists and overwrite files
Ref #1934
2017-05-31 13:16:01 +02:00
Stefan Kalkowski
6106e64aac base: remove include/spec/* other than ISA
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.

This work is a step in the direction of reducing 'SPEC' identifiers overall.

Ref #2403
2017-05-31 13:16:01 +02:00
Christian Helmuth
1d99e7ede9 base: classify signals as I/O and application level
Fixes #2363
2017-05-31 13:15:58 +02:00
Alexander Boettcher
3f5c1b3626 top: fix replacement strategy
Issue #2307
2017-05-31 13:15:57 +02:00
Norman Feske
9a6c194432 init: fix constness-related warnings by gcc 6.3
Fixes #2374
2017-05-31 13:15:57 +02:00
Alexander Boettcher
1220a06c3b platform_drv: avoid gcc 6 warnings 2017-05-31 13:15:55 +02:00
Norman Feske
7729398105 ps2_drv: reset mouse at startup
This patch replaces the set-defaults command by a reset command, which
is needed to use the Lenovo x250 trackpoint. (original patch by
Christian Prochaska)
2017-05-31 13:15:54 +02:00
Christian Helmuth
7680d20686 Re-enable usb_block test 2017-05-31 13:15:54 +02:00
Alexander Boettcher
7005e54de2 nova: fix syscall bindings with GCC 6
Fixes #2377
2017-05-31 13:15:52 +02:00
Norman Feske
8e7aa54493 base: drop session states of vanished clients
For asynchronously provided sessions, the parent has to maintain the
session state as long as the server hasn't explicitly responded to a
close request. For this reason, the lifetime of such session states is
bound to the server, not the client.

When the server responds to a close request, the session state gets
freed. The 'session_response' implementation does not immediately
destroy the session state but delegates the destruction to a client-side
callback, which thereby also notifies the client. However, the code did
not consider the case where the client has completely vanished at
session-response time. In this case, we need to drop the session state
immediately.

Fixes #2391
2017-05-31 13:15:52 +02:00
Christian Helmuth
117a533828 rom_filter: fix compilation with GCC 6
Issue #2372
2017-05-31 13:15:52 +02:00
Martin Stein
64fb2865b0 nic_router: fix compile error "flexible array ..."
Fixes #2384
2017-05-31 13:15:51 +02:00
Christian Prochaska
d23dd0cdb4 init: workaround for GCC 6 compile errors
Issue #2374
2017-05-31 13:15:50 +02:00
Alexander Boettcher
e3e41e5ca0 ahci: avoid deprecated warnings
Issue #1987
2017-05-02 15:29:03 +02:00
Christian Helmuth
f9bb88cd2e Disable scan-code translation in PS/2 on ARM PL050
This enables to run the driver on recent Qemu versions.
2017-05-02 15:29:02 +02:00
Christian Helmuth
67f22a6c90 Fix key count in input test 2017-05-02 15:29:02 +02:00
Christian Helmuth
e49bb4943e Deprecate policy constructor with implicit config
because it uses the deprecated config library.

Issue #1987
2017-05-02 15:29:02 +02:00
Emery Hemingway
dde11de008 Unify client policy across File_system servers
File_system servers shall deny clients not matching a defined policy.
Servers shall also apply session root offset policy followed by a client
offset.

Fix #2365
2017-05-02 15:28:57 +02:00
Christian Helmuth
f96b5b89f2 Fix more deprecated warnings
Issue #1987
2017-05-02 15:28:55 +02:00
Norman Feske
539d976a9a init: fix routing to child with multiple services
Init's service forwarding functionality did not take the service type
into account when forwarding a session request. If a server provides
multiple services, e.g. fb_sdl that provides both "Input" and
"Framebuffer", the type of the forwarded session request did not always
correspond to the actually requested type.
2017-05-02 15:28:54 +02:00
Emery Hemingway
0d488925ee server/rom_filter: generate top-level attributes
Conditionally inject attributes on the output XML node with
``<attribute name="..." value="..."``

Fix #2348
2017-05-02 15:28:48 +02:00
Christian Helmuth
d18f976b15 nitpicker: strictly type command processing 2017-03-27 12:35:23 +02:00
Christian Helmuth
b35df4578b Check Registered base class provides virtual destructor
The base class of Registered must provide a virtual destructor to enable
safe deletion with just a base class pointer. This requirement can be
lifted by using Registered_no_delete in places where the deletion
property is not needed.

Fixes #2331
2017-03-24 16:20:04 +01:00
Christian Helmuth
cb43e04691 ldso: defer execution of static constructors
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().

In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).

The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.

Fixes #2332
2017-03-24 16:20:04 +01:00
Christian Helmuth
88db3c0df7 Fix some deprecated warnings
Issue #1987
2017-03-24 16:20:03 +01:00
Christian Helmuth
19703e6617 Remove deprecated Attached_mmio constructor 2017-03-24 16:20:01 +01:00
Norman Feske
8d68d3d8ac Adapt resource-request test to changes of init
The test used to rely on init's formerly built-in policy of answering
resource requests with slack memory, if available. Since init no longer
responds to resource requests in an autonomous way, we use a dynamically
configured sub-init instance as runtime for the test. This instance, in
turn, is monitored and controlled such that resource requests are
result in quota upgrades. The monitoring component is implemented in
the same test-resource_request program as the test. Both roles are
distinguished by the "role" config attribute.

This is a follow-up to "init: explicit response to resource requests".
2017-03-24 16:20:00 +01:00
Norman Feske
892043ed76 init: trigger report update on version change
If the version attribute of init's <config> is changes, trigger the
generation of a new state report that includes the information of the
new version.
2017-03-24 16:19:58 +01:00
Norman Feske
1fde4d638c init: service forwarding
This patch equips init with the ability to act as a server that forwards
session requests to its children. Session requests can be routed
depending of the requested service type and the session label
originating from init's parent.

The feature is configured by one or multiple <service> nodes hosted in
init's <config> node. The routing policy is selected by via the regular
server-side policy-selection mechanism, for example:

<config>
  ...
  <service name="LOG">
    <policy label="noux">
      <child name="terminal_log" label="important"/>
    </policy>
    <default-policy> <child name="nitlog"/> </default-policy>
  </service>
  ...
</config>

Each policy node must have a <child> sub node, which denotes name of the
server with the 'name' attribute. The optional 'label' attribute defines
the session label presented to the server, analogous to how the
rewriting of session labels works in session routes. If not specified,
the client-provided label is presented to the server as is.

Fixes #2247
2017-03-24 16:19:57 +01:00
Norman Feske
1489791d5e init: explicit response to resource requests
This patch removes the formerly built-in policy of responding to
resource requests with handing out slack quota. Instead, resource
requests have to be answered by an update of the init configuration with
adjusted quota values.

Note that this patch may break run scripts that depend on init's
original policy. Those run scripts may be adjusted by increasing the
quota for the components that use to inflate their RAM usage during
runtime such that the specified quota suffices for the entire lifetime
of the component.
2017-03-24 16:19:57 +01:00
Norman Feske
29c4ed45cc init: use Prio_levels type instead of basic type 2017-03-24 16:19:57 +01:00
Norman Feske
06943f413d init: respond to RAM-quota changes in config
This patch improves init's dynamic reconfigurability with respect to
adjustments of the RAM quota assigned to the children.

If the RAM quota is decreased, init withdraws as much quota from the
child's RAM session as possible. If the child's RAM session does not
have enough available quota, a resource-yield request is issued to
the child. Cooparative children may respond to such a request by
releasing memory.

If the RAM quota is increased, the child's RAM session is upgraded.
If the configuration exceeds init's available RAM, init re-attempts
the upgrade whenever new slack memory becomes available (e.g., by
disappearing other children).
2017-03-24 16:19:57 +01:00
Norman Feske
1cf830497a init: refactoring into multiple files
This patch splits the implementation of init into several headers to
make the implementation easier to digest and to maintain.
2017-03-24 16:19:56 +01:00
Norman Feske
9dca1503a8 init: apply changes of <provides> nodes
This patch enables init to apply changes of any server's <provides>
declarations in a differential way. Servers can in principle be extended
by new services without re-starting them. Of course, changes of the
<provides> declarations may affect clients or would-be clients as this
information is taken into account for the session routing.
2017-03-24 16:19:56 +01:00
Josef Söntgen
031337f039 trace_fs: remove os/server.h usage
Issue #2310.
2017-03-24 16:19:55 +01:00
Josef Söntgen
3d0bde2147 test/iso: remove env deprecated warning
Issue #2310.
2017-03-24 16:19:54 +01:00
Josef Söntgen
a26b4e6bd4 nic_bridge: remove os/server.h usage
Issue #2310.
2017-03-24 16:19:54 +01:00
Martin Stein
078f28238f os: fix some more deprecated warnings
Ref #1987
2017-03-15 14:04:56 +01:00
Alexander Boettcher
3b977d4cf3 acpi: avoid warning about dangling allocations
like

Warning: XX dangling allocations at allocator destruction time

Fixes #2330
2017-03-15 13:12:48 +01:00
Norman Feske
ec007c0f27 input_filter.run: stabilize key-repeat test
Under certain timing conditions, the test would end up flushing the
input from the input filter in a nested way, which ultimately resulted
in lost input events of the outer nesting level. This patch eliminates
this corner case and thereby stabilizes the key-repeat test.
2017-03-15 12:32:27 +01:00
Christian Helmuth
b9834bc388 Rename Linux audio driver to linux_audio_drv
Related to #2190
Fixes #2278
2017-03-15 12:32:27 +01:00
Christian Helmuth
43e7cc56a3 Rename Linux NIC driver to linux_nic_drv
Related to #2190
Issue #2278
2017-03-15 12:32:27 +01:00
Josef Söntgen
bf96c7f16e platform/x86: fix quota for local ram session
Transfer quota to the session local RAM session to react to the
Quota_exceeded exception properly.

The platform driver keeps a session local RAM session for each of its
clients that is used to allocate DMA memory. A client needs to transfer
some of its quota to the platform driver, which in return transfers this
quota to the session local RAM session. As it happens allocating memory
from a RAM session involves book keeping and in this case, where the
available quota in the session did not suffice and the request was only
a few KiB, the platform driver handled the exception wrongly and did not
transfer the quota.

This problem did not surface up to now because all drivers allocate DMA
memory in larger chunks and the book keeping overhead was of no
consequence as the initial quota transfer probably covered the overhead.

Fixes #2316.
2017-03-15 12:32:27 +01:00
Martin Stein
35cc020e9c os/server: nic_dump
A tiny bump-in-the-wire tool for dumping NIC packet information.

Ref #2314
2017-03-15 12:32:26 +01:00
Sebastian Sumpf
c1f4dad811 base-pistachio: use PIT in Genode timer
on x86_32

issue #2308
2017-03-15 12:32:26 +01:00
Stefan Kalkowski
4a30c13c2d os: synchronize thread destruction of trace test
* Increase test-thread count to trigger quota exceeding on all platforms
* Synchronize test-thread destruction, otherwise an half-destructed thread
  object can lead to an error message of the thread to be destructed,
  which causes a deadlock, when the destructed thread still holds the log lock
* Limit SMP settings for QEMU to x86 (Ref #2307)
2017-03-15 12:32:25 +01:00
Alexander Boettcher
beb5169ee9 signal test: fix destruction of nested test
The signal_1/2/3 objects (which are threads) are in destruction, but still
signals are send to them. When the signal arrive and the memory for the
signal_1/2/3 object is already invalid we operate on stale memory and all
the locking infrastructure of the Thread don't work anymore.

Be more robust, explicitly wait for the termination of the thread.

Issue #2284
2017-03-15 12:32:25 +01:00
Alexander Boettcher
451c08ac01 os: app showing top style CPU utilization via LOG
Fixes #2307
2017-03-15 12:32:25 +01:00
Martin Stein
e744c76bf2 mmio: make base address member private
Ref #2196
2017-03-15 12:32:24 +01:00
Martin Stein
5366c8cf7e ahci: do not copy port MMIO objects
Ref #2196
2017-03-15 12:32:23 +01:00
Christian Helmuth
ca57afd67e terminal_crosslink: prevent deprecated warning 2017-03-15 12:24:43 +01:00
Martin Stein
a558afbed5 rpi sd_card: move to new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
31f4c0640a omap4 sd_card: move to new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
a42e53728d imx sd_card: move to new Mmio::wait_for 2017-03-15 12:24:43 +01:00
Martin Stein
acf762ec9f exynos5 fb_driver: use new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Martin Stein
7d4674b728 rpi platform driver: use new Mmio::wait_for
Ref #2196
2017-03-15 12:24:43 +01:00
Stefan Kalkowski
fbdfbc2476 bomb: remove redundant Rpc_entrypoint in Child
Fixes #2302
2017-03-15 12:24:41 +01:00
Martin Stein
dc415669aa signal test: add stressful nested test
Ref #2284
2017-03-15 12:24:40 +01:00
Josef Söntgen
5ad4da4b1b os: force Out_of_metadata exception in TRACE test
We have to create additional threads to trigger the Out_of_metadata
exception on certain platforms.

Fixes #2297.
2017-02-28 13:00:44 +01:00
Josef Söntgen
552bb13f99 rom_logger: remove env deprecated warning
Issue #2280.
2017-02-28 12:59:31 +01:00
Norman Feske
23ad546a88 init: make RAM preservation configurable
This patch improves the accuracy of init's quota-saturation feature
(handing out all slack quota to a child by specifying an overly high RAM
quota for the child) and makes the RAM preserved by init configurable.
The preservation is specified as follows:

! <config>
!   ...
!   <resource name="RAM" preserve="1M"/>
!   ...
! </config>

If not specified, init has a reasonable default of 160K (on 32 bit) and
320K (on 64 bit).
2017-02-28 12:59:30 +01:00
Alexander Boettcher
28b359703d ram_fs: avoid Deref_unconstructed_object exception
if ROM is invalid. With the patch one gets a name of the ROM and the
server continues.
2017-02-28 12:59:30 +01:00
Josef Söntgen
ecd5bef7cb rom_to_file: remove Server library
Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
0c7200a0fe gpio: remove env deprecated warnings
And while there, remove usage of Server library.

Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
4f8804c334 input/imx53: remove env deprecated warnings
Issue #2280.
2017-02-28 12:59:30 +01:00
Norman Feske
29b8d609c9 Adjust file headers to refer to the AGPLv3 2017-02-28 12:59:29 +01:00
Norman Feske
150c286f0e init: dynamic configuration
This patch lets init apply configuration changes to a running scenario
in a differential way. Children are restarted if any of their session
routes change, new children can be added to a running scenario, or
children can deliberately be removed.

Furthermore, the new version of init is able to propagate configuration
changes (modifications of <config> nodes) to its children without
restarting them.
2017-02-28 12:59:26 +01:00
Norman Feske
a9795c93f9 init: use buffered XML for config 2017-02-28 12:59:26 +01:00
Norman Feske
e4fba26a85 init: Genode::String for unique and binary name
This patch removes the use of C-style string functions from init.
2017-02-28 12:59:26 +01:00
Alexander Boettcher
328da2975f vfs: fix races in fs_file_system with pthreads
Change metadata before submitting a packet. If the submitting thread is a
pthread, the metadata may be immediately change by the signal handler running
in the context of the entrypoint thread.
2017-02-28 12:59:23 +01:00
Josef Söntgen
69c48a3626 os: refactor Global_file_system_factory
The global file system factory is now created explicitly and the
global singleton accessor function was removed.

Fixes #2281.
2017-02-28 12:59:23 +01:00
Norman Feske
9cba459958 base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.

In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping

Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.

For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-28 12:59:23 +01:00
Norman Feske
641fb08b5f Automated test for init 2017-02-28 12:59:23 +01:00
Norman Feske
84fddafda7 init: enable init to report its internal state
This patch equips init with the ability to report its internal state in
the form of a "state" report. This feature can be enabled by placing a
'<report>' node in init's configuration.

The report node accepts the following arguments (with their default
values):

'delay_ms="100"': specifies the number of milliseconds to wait before
  producing a new report. This way, many consecutive state changes -
  like they occur during the startup - do not result in an overly
  large number of reports but are merged into one final report.

'buffer="4K"': the maximum size of the report in bytes. The attribute
  accepts the use of K/M/G as units.

'init_ram="no"': if enabled, the report will contain a '<ram>' node
  with the memory stats of init.

'ids="no"': supplement the children in the report with unique IDs, which
  may be used to infer the lifetime of children accross configuration
  updates in the future;

'requested="no"': if enabled, the report will contain information about
  all session requests initiated by the children.

'provided="no"': if enabled, the report will contain information about
  all sessions provided by all servers.

'session_args="no"': level of detail of the session information
  generated via 'requested' or 'provided'.

'child_ram="no"': if enabled, the report will contain a '<ram>' node
  for each child based on the information obtained from the child's RAM
  session.

Issue #2246
2017-02-28 12:59:22 +01:00
Martin Stein
a4d110aa60 nic_router: fix indentation in verbose log
Ref #2193
2017-02-28 12:59:21 +01:00
Norman Feske
e17811fb7a cli_monitor: API transition
Issue #1987
2017-02-28 12:59:20 +01:00
Sebastian Sumpf
2d199982eb os: add 'wait_and_dispatch_one_signal' test 2017-02-28 12:59:20 +01:00
Norman Feske
b1a9addeb6 os/child_policy_dynamic_rom.h: API transition
Issue #1987
2017-02-28 12:59:19 +01:00
Josef Söntgen
b1dca8e047 os: pass env to connections in uart test
Issue #2280.
2017-02-28 12:59:18 +01:00