Commit Graph

538 Commits

Author SHA1 Message Date
Norman Feske
b0b92e4ee2 vfs: pass root directory to plugins
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.

Fixes #2701
2018-04-10 11:09:17 +02:00
Norman Feske
d59d07b5e3 os: util/utf8.h for UTF-8 string handling
This patch adds a simple UTF-8 decoder at 'os/include/util/utf8.h'
along with a test at 'os/run/utf8.run'.

Fixes #2717, related to issue #2716
2018-03-27 13:44:27 +02:00
Norman Feske
579ca1063c os: support non-int coordinates in 'Point<>' 2018-03-27 13:43:09 +02:00
Emery Hemingway
013eb506a8 Vfs::Dir_file_system: do not use Vfs_handle for opening directories as files
The Dir_file_system uses static cast to convert handles from the
application to a plugin local type. For this reason, only the local
handle type may be returned from 'opendir' or 'open'. This fixes the
unexpected behavior when opening directories as files.

Fix #2533
2018-02-15 10:22:09 +01:00
Alexander Boettcher
e05a708024 os: reset packet_allocator members
Fixes #2632
2018-02-15 10:22:09 +01:00
Emery Hemingway
4a3fc21ada New watch handle mechanism for File_system session
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.

Test at run/fs_rom_update.

Ref #1934
2018-02-14 20:41:09 +01:00
Emery Hemingway
c7d0accac0 VFS: catch Out_of_ram and Out_of_cap exceptions
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.

Ref #2642
2018-02-14 20:41:07 +01:00
Norman Feske
8aa1e349fc terminal session: propagate resize events
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
2018-02-14 20:41:03 +01:00
Norman Feske
96a068f90a terminal: improve internal structure
This patch reorganizes the terminal's source code to become easier to
extend. It also enables the strict warning level.
2018-02-09 14:04:32 +01:00
Christian Prochaska
12c8e51071 terminal fixes
- handle line wraps in 'ech()'
- take (1,1) origin into account in 'hpa()' and 'vpa()'
- unify handling of SGR escape sequences of different lengths
- accept the '[?2004h' and '[?2004l' escape sequences (used by midnight commander)

Fixes #2671
2018-02-09 14:04:25 +01:00
Norman Feske
66a93d9199 os: add 'Expanding_reporter' to os/reporter.h
The 'Expanding_reporter' wrapper for the 'Reporter' eliminates
the burden of handling 'Xml_generator::Buffer_exceeded' exceptions
from components that generate reports.

Fixes #2655
2018-02-09 14:04:06 +01:00
Norman Feske
cde8163770 os: make 'Buffered_xml' util publicly available
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
2018-02-09 13:34:17 +01:00
Josef Söntgen
4009239328 vfs: skip synced file systems in complete_sync
Fixes #2606.
2018-01-17 12:14:43 +01:00
Martin Stein
fbd545ae70 net: remove unused enums
Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
4f1d43ce21 net: remove placement new operators
They are not used any more.

Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
f4a2d932e3 net: check packet data size in accessor
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).

Issue #465
2018-01-17 12:14:41 +01:00
Norman Feske
eba9c15746 Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:

* A class with virtual functions can no longer publicly inherit base
  classed without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Issue #465
2018-01-17 12:14:35 +01:00
Emery Hemingway
ed89f2f7f0 Add millisecond accessor to Genode::Duration value object
Add a 'trunc_to_plain_ms' method to Gende::Duration to make
millisecond-accurate timing safer and more convenient.

Ref #2335
2017-12-21 15:01:51 +01:00
Martin Stein
70c5c31ec9 nic_router: better warnings on bad DHCP requests
Be more descriptive about why the NIC router thinks that a DHCP request
sent to him is bad.

Issue #2534
2017-12-21 15:01:38 +01:00
Martijn Verschoor
8fe0a7514f Nic::Session_component: pass entrypoint in constructor
Added a new constructor that takes the entrypoint as constructor
argument. The original constructor retrieves the entrypoint from the
Genode environment. This does not allow to use a different entrypoint.
2017-12-21 15:01:33 +01:00
Christian Prochaska
dd98bd67a0 pointer: custom pointer shape support
Make the revised 'vbox_pointer' component the new 'pointer' component.

Fixes #2585
2017-11-30 11:23:22 +01:00
Norman Feske
40c9226bb9 os: add Color::print, enhance ascii_to<Color>
This patch adds a 'Color::print' method as counterpart to the 'ascii_to'
function. If the color is opaque (alpha is 255), its output has the form
"#rrggbb". If the color has a distinct alpha value, the output has the
form "#rrggbbaa". The new version of the 'ascii_to' overload for 'Color'
is able to deal with both forms.
2017-11-30 11:23:14 +01:00
Sebastian Sumpf
9c852c750a vfs: handle root directory explicitly
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.

Fixes #2569
2017-11-30 11:23:10 +01:00
Martin Stein
e87f63944f timeout: replace Duration operators by methods
void += (Microseconds) -> void add(Microseconds)
void += (Milliseconds) -> void add(Milliseconds)
bool < (Duration)      -> bool less_than(Duration)

Issue #2581
2017-11-30 11:23:09 +01:00
Martin Stein
26bcd439f7 timeout: fix bug in duration + duration testing
The += operator contained bugs. We now also do some tests on the Duration
type at the beginning of the timeout test.

Fixes #2581
2017-11-30 11:23:09 +01:00
Norman Feske
a255ffaee9 input: disarm obnoxious press/release events
This patch adds a sanity check to the Event::type accessor. If the key
code of a given PRESS or RELEASE event is out of the valid range, it
reports an INVALID event. This way, client side code does not need to
deal with such edge cases. E.g., on Lenovo notebooks, the ps2 driver
reports strange key events when pressing shift-pageup/pagedown,
violating the general assumption that there is a release event for each
press event. By flagging these events as INVALID, the client-side logic
stays intact.
2017-11-30 11:23:07 +01:00
Emery Hemingway
07b36573ea Restrict VFS Dir_filesystem allocations to 'opendir' only
Allocations made at the client-side of the VFS must be contained within
functions that may return errors indicating resource exhaustion.

Fix #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
a0c0f3d7c9 Print support for VFS errors
Ref #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
ca0c86e7af Enforce cap quotas at VFS server, increase initial File_system cap donation
Check at the VFS server that the capability cost of sessions do not
exceed the session quota donation. Raise the default initial capability
donation for File_system connections.

Fix #2553
2017-11-30 11:23:02 +01:00
Norman Feske
55dc3abf00 Move gems/bezier.h to util/bezier.h (in repos/os)
This way, os components (i.e., input_filter) can use it for nonlinear
interpolation.
2017-11-09 12:18:43 +01:00
Christian Prochaska
547cc06976 ram_fs: throw exception when unlinked node gets accessed
Fixes #2536
2017-11-09 12:18:05 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
50aba6f21b dhcp: support reading of some further option types
Client ID, maximum message size, IP lease time, and requested address.
All needed for the upcoming DHCP client.

Ref #2534
2017-11-06 13:57:21 +01:00
Norman Feske
dd5b03671d os: don't limit file-systems-session upgrades
The 'File_system::Connection' already performs an on-demand session
upgrade should the server report an 'Out_of_caps' or 'Out_of_ram'
condition. So file-system clients are normally relieved from handling
those exceptions. However, the upgrade was limited to two attempts per
operation (which amounts to 16 KiB). When using the Rump VFS plugin in
the VFS server, this amount does not always suffice. So the exception is
reflected to the client. I observed this problem as a message "unhandled
error" printed by fs_rom. This patch removes the upgrade limit such that
a greedy file-system server becomes iteratively upgraded until it stops
arguing or the client's RAM is exhausted.
2017-11-06 13:57:18 +01:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Christian Helmuth
f9b3c6d2cf Remove unused os/alarm.h include from loader 2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00
Norman Feske
6d361b337b input/root.h: support re-opening of sessions
This patch fixes an aliasing problem of the 'close' method signature
that prevented the Input::Root_component::close method to be called.
This way, the event-queue state was not reset at session-close time,
which prevented a subsequent session-creation request to succeed. With
the patch, input servers like ps2_drv, usb_drv that rely on the
Input::Root_component support the dynamic re-opening of sessions. This
happens in particular when using a dynamically configured input filter.
2017-10-05 17:40:03 +02:00
Josef Söntgen
e1ada57bfa vfs: use unsigned 64bit for media size ioctl
Fixes #2523.
2017-10-05 17:40:02 +02:00
Norman Feske
6fcf95d536 terminal: cursor-key handling w/o set key layout
This patch applies the handling of cursor keys, function keys, and page
up/down keys even if no keymap is defined. This is the case when using
the terminal with character events produced by the input filter.
2017-10-05 17:39:59 +02:00
Martin Stein
2633ff8661 alarm: fix information loss due to int-cast
When we have two time values of an unsigned integer type and we create
the difference and want to know wether it is positive or negative within
the same value we loose at least one half of the value range for casting
to signed integers. This was the case in the alarm scheduler when
checking wether an alarm already triggered. Even worse, we casted from
'unsigned long' to 'signed int' which caused further loss on at least
x86_64. Thus, big timeouts like ~0UL falsely triggered directly.

Now, we use an extra boolean value to remember in which period of the
time counter we are and to which period of the time counter the deadline
of an alarm belongs. This boolean switches its value each time the time
counter wraps. This way, we can avoid any casting by checking wether the
current time is of the same period as the deadline of the alarm that we
inspect. If so, the alarm is pending if "current time >= alarm
deadline", otherwise it is pending if "current time < alarm deadline".

Ref #2490
2017-10-05 17:39:56 +02:00
Josef Söntgen
198019edca os: add Gpu driver for Intel Gen8 HD graphics
This commit introduces a experimental 3D driver for Intel Gen8 HD
graphics devices as well as the corresponding Gpu session.

Fixes #2507.
2017-08-30 09:59:57 +02:00
Emery Hemingway
1fce8d0d74 default ahci_drv and part_blk Block sessions to read-only
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.

Fix #2469
2017-08-28 16:49:51 +02:00
Sebastian Sumpf
66db2ee54e libports: Mesa 11.2.2
OpenGL 4.5 with software and i965 rendering back ends.

issue #2488
2017-08-28 16:49:43 +02:00
Norman Feske
cb72784717 os: add template specialization for alpha pixel
The specialization is needed for applying anti-aliased drawing
operations on alpha channels.
2017-08-28 16:49:39 +02:00
Christian Prochaska
b0935ef9b2 VFS: nonblocking interface
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.

For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.

The most important changes are:

- Directories are created and opened with the 'opendir()' function and the
  directory entries are read with the recently introduced 'queue_read()'
  and 'complete_read()' functions.

- Symbolic links are created and opened with the 'openlink()' function and
  the link target is read with the 'queue_read()' and 'complete_read()'
  functions and written with the 'write()' function.

- The 'write()' function does not wait for signals anymore. This can have
  the effect that data written by a VFS library user has not been
  processed by a file system server yet when the library user asks for the
  size of the file or closes it (both done with RPC functions at the file
  system server). For this reason, a user of the VFS library should
  request synchronization before calling 'stat()' or 'close()'. To make
  sure that a file system server has processed all write request packets
  which a client submitted before the synchronization request,
  synchronization is now requested at the file system server with a
  synchronization packet instead of an RPC function. Because of this
  change, the synchronization interface of the VFS library is now split
  into 'queue_sync()' and 'complete_sync()' functions.

Fixes #2399
2017-08-28 16:49:38 +02:00
Martin Stein
b6efa7f6f9 timer connection: fast initial calibration
The calibration of the interpolation parameters was previously only done
periodically every 500 ms. Together with the fact that the parameters
had to be stable for at least 3 calibration steps to enable
interpolation, it took at least 1.5 seconds after establishing a
connection to get microseconds-precise time values.

This is a problem for some drivers that directly start to poll time.
Thus, the timer connection now does a calibration burst as soon as it
switches to the modern mode (the mode with microseconds precision).
During this phase it does several (currently 9) calibration steps
without a delay inbetween. It is assumed that this is fast enough to not
get interrupted by scheduling. Thus, despite being small, the measured
values should be very stable which is why the burst should in most cases
be sufficient to get the interpolation initialized.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Norman Feske
0b580628cf file system: track content via version counter
This makes the delivery of CONTENT_CHANGED responses more robust.
2017-08-17 10:59:43 +02:00
Christian Prochaska
6a43f3c11a file system: use Id_space instead of Node_handle_registry
Fixes #2436
2017-08-17 10:59:43 +02:00
Christian Helmuth
78f1fd29f7 Translate buffer-exceeded exception in Session_requester
Session_requester inherits from Dynamic_rom_session::Content_producer
which specifies the Buffer_capacity_exceeded exception which is thrown
on insufficient buffer space.
2017-06-29 12:00:03 +02:00
Martin Stein
9b1c26ab7f timeout lib: dynamic interpolation-factor shift
In the timeout framework, we maintain a translation factor value to
translate between time and timestamps. To raise precision we scale-up
the factor when we calculate it and scale-down the result of its
appliance later again. This up and down scaling is achieved through
left and right shifting. Until now, the shift width was statically
choosen. However, some platforms need a big shift width and others a
smaller one. The one static shift width couldn't cover all platforms
which caused overflows or precision problems.

Now, the shift width is choosen optimally for the actual translation
factor each time it gets re-calculated. This way, we can take care that
the shift always renders the best precision level without the risk for
overflows.

Ref #2400
2017-06-29 11:59:54 +02:00
Josef Söntgen
8f577e9d25 usb: use if-else in packet_handler
Apparently this construct leads to a compiler errors like

  error: second operand to the conditional operator is of type ‘void’, but
  the third operand is neither a throw-expression nor of type ‘void’
2017-06-19 12:35:57 +02:00
Emery Hemingway
1eb37fbe22 VFS: move 'sync' from 'File_system' to 'Directory_service'
The the parent 'Directory_service' interface is reachable from
'Vfs_handle', whereas the 'File_system' interface is not.

Fix #2437
Ref #2422
2017-06-12 14:32:07 +02:00
Sebastian Sumpf
c3cf7f3c3a riscv: ISA-1.9.1 and GCC-6.3.0 adaptions
Adds 1.9.1 support to base-hw

Note:
* the kernel timer is not working
* dynamic linking is currently not supported
2017-05-31 13:16:24 +02:00
Stefan Kalkowski
632ef28463 os: removal of deprecated os/config.h (fix #2431) 2017-05-31 13:16:22 +02:00
Emery Hemingway
16be05e530 Optional session label for Rtc connection constructor
Ref #2410
2017-05-31 13:16:22 +02:00
Norman Feske
adb26b5216 API documentation refinements 2017-05-31 13:16:21 +02:00
Christian Prochaska
16deaa9a72 timed_semaphore: fix deprecated warning
Fixes #2429
2017-05-31 13:16:19 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
71efb59873 terminal: add Cell_array destructor
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
2017-05-31 13:16:12 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Stefan Kalkowski
9b350e7706 os: move private declarations to driver target
Ref #2403
2017-05-31 13:16:09 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Stefan Kalkowski
6106e64aac base: remove include/spec/* other than ISA
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.

This work is a step in the direction of reducing 'SPEC' identifiers overall.

Ref #2403
2017-05-31 13:16:01 +02:00
Christian Helmuth
1d99e7ede9 base: classify signals as I/O and application level
Fixes #2363
2017-05-31 13:15:58 +02:00
Norman Feske
9a6c194432 init: fix constness-related warnings by gcc 6.3
Fixes #2374
2017-05-31 13:15:57 +02:00
Christian Prochaska
52411c9017 terminal: add support for 'ESC[m' sequence
Fixes #2392
2017-05-31 13:15:51 +02:00
Christian Helmuth
e49bb4943e Deprecate policy constructor with implicit config
because it uses the deprecated config library.

Issue #1987
2017-05-02 15:29:02 +02:00
Christian Helmuth
19703e6617 Remove deprecated Attached_mmio constructor 2017-03-24 16:20:01 +01:00
Norman Feske
f6c494497b os: remove stale xev_track.h header
This is a follow-up commit to "Remove app/xvfb and lib/xev_track".

Issue #1987
2017-03-24 16:19:57 +01:00
Norman Feske
b3e5357cf1 Adaptation to init refactoring
Since init no longer provides public headers, we have to adjust the
existing users of this headers. The 'init/child_config.h' is used only
by GDB monitor. So the patch moves the header there as an interim fix.
The 'init/child_policy.h' is still used by a few components, so we have
to keep a trimmed-down version of it for now.
2017-03-24 16:19:56 +01:00
Norman Feske
1cf830497a init: refactoring into multiple files
This patch splits the implementation of init into several headers to
make the implementation easier to digest and to maintain.
2017-03-24 16:19:56 +01:00
Norman Feske
9dca1503a8 init: apply changes of <provides> nodes
This patch enables init to apply changes of any server's <provides>
declarations in a differential way. Servers can in principle be extended
by new services without re-starting them. Of course, changes of the
<provides> declarations may affect clients or would-be clients as this
information is taken into account for the session routing.
2017-03-24 16:19:56 +01:00
Norman Feske
8d4fb288d9 init: add version attribute to start nodes
The optional 'version' attribute allows for the forced restart of a
child with an otherwise unmodified start node. The specified value is
also reflected in the state report.
2017-03-24 16:19:56 +01:00
Norman Feske
fcf25c22d1 init: respond to binary-name changes
This patch covers the resolution of the ROM route for child binaries
via the generic label-rewriting mechanics. Now, the <binary> node has
become merely sytactic sugar for a route like the following:

<start name="test"/>
  <route>
    <service name="ROM" unscoped_label="test">
      <parent label="test-binary-name"/> </service>
      ...
  </route>
  ...
</start>

A change of the binary name has an effect on the child's ROM route to
the binary and thereby implicitly triggers a child restart due to the
existing re-validation of the routing.
2017-03-24 16:19:55 +01:00
Norman Feske
39e409f756 os: sanity check in Reporter::Xml_generator
With this check in place, one can safely construct an 'Xml_generator'
even if the report is disabled. This relieves the user of the reporter
from the need to distinguish enabled from disabled reports.
2017-03-24 16:19:55 +01:00
Norman Feske
23ad546a88 init: make RAM preservation configurable
This patch improves the accuracy of init's quota-saturation feature
(handing out all slack quota to a child by specifying an overly high RAM
quota for the child) and makes the RAM preserved by init configurable.
The preservation is specified as follows:

! <config>
!   ...
!   <resource name="RAM" preserve="1M"/>
!   ...
! </config>

If not specified, init has a reasonable default of 160K (on 32 bit) and
320K (on 64 bit).
2017-02-28 12:59:30 +01:00
Josef Söntgen
0c7200a0fe gpio: remove env deprecated warnings
And while there, remove usage of Server library.

Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
4f8804c334 input/imx53: remove env deprecated warnings
Issue #2280.
2017-02-28 12:59:30 +01:00
Norman Feske
29b8d609c9 Adjust file headers to refer to the AGPLv3 2017-02-28 12:59:29 +01:00
Norman Feske
150c286f0e init: dynamic configuration
This patch lets init apply configuration changes to a running scenario
in a differential way. Children are restarted if any of their session
routes change, new children can be added to a running scenario, or
children can deliberately be removed.

Furthermore, the new version of init is able to propagate configuration
changes (modifications of <config> nodes) to its children without
restarting them.
2017-02-28 12:59:26 +01:00
Norman Feske
a9795c93f9 init: use buffered XML for config 2017-02-28 12:59:26 +01:00
Norman Feske
e4fba26a85 init: Genode::String for unique and binary name
This patch removes the use of C-style string functions from init.
2017-02-28 12:59:26 +01:00
Josef Söntgen
69c48a3626 os: refactor Global_file_system_factory
The global file system factory is now created explicitly and the
global singleton accessor function was removed.

Fixes #2281.
2017-02-28 12:59:23 +01:00
Norman Feske
9cba459958 base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.

In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping

Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.

For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-28 12:59:23 +01:00
Norman Feske
84fddafda7 init: enable init to report its internal state
This patch equips init with the ability to report its internal state in
the form of a "state" report. This feature can be enabled by placing a
'<report>' node in init's configuration.

The report node accepts the following arguments (with their default
values):

'delay_ms="100"': specifies the number of milliseconds to wait before
  producing a new report. This way, many consecutive state changes -
  like they occur during the startup - do not result in an overly
  large number of reports but are merged into one final report.

'buffer="4K"': the maximum size of the report in bytes. The attribute
  accepts the use of K/M/G as units.

'init_ram="no"': if enabled, the report will contain a '<ram>' node
  with the memory stats of init.

'ids="no"': supplement the children in the report with unique IDs, which
  may be used to infer the lifetime of children accross configuration
  updates in the future;

'requested="no"': if enabled, the report will contain information about
  all session requests initiated by the children.

'provided="no"': if enabled, the report will contain information about
  all sessions provided by all servers.

'session_args="no"': level of detail of the session information
  generated via 'requested' or 'provided'.

'child_ram="no"': if enabled, the report will contain a '<ram>' node
  for each child based on the information obtained from the child's RAM
  session.

Issue #2246
2017-02-28 12:59:22 +01:00
Norman Feske
e17811fb7a cli_monitor: API transition
Issue #1987
2017-02-28 12:59:20 +01:00
Norman Feske
8cb0dc9c16 init: session-label rewriting
This patch enhances init with the support for rewriting session labels
in the target node of a matching session route. For example, a Noux
instance may have the following session route for the "home" file
system:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs"/>
  </service>
  ...
</route>

At the rump_fs file-system server, the label of the file-system session
will appear as "noux -> home". This information may be evaluated by
rump_fs's server-side policy. However, when renaming the noux instance,
we'd need to update this server-side policy.

With the new mechanism, the client's identity can be hidden from the
server. The label could instead represent the role of the client, or a
name of a physical resource. For example, the Noux route could be
changed to this:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs" label="primary_user"/>
  </service>
  ...
</route>

When the rump_fs receives the session request, it is presented with the
label "primary_user". The fact that the client is "noux" is not taken
into account for the server-side policy selection.

Issue #2248
2017-02-28 12:59:20 +01:00
Norman Feske
b1a9addeb6 os/child_policy_dynamic_rom.h: API transition
Issue #1987
2017-02-28 12:59:19 +01:00
Josef Söntgen
15821e32ec nic: remove usage of deprecated env()
This commit includes changes to the Nic::Session_component interface.
We now pass the entire env to the component instead of only ram, rm and
the ep because we need the env to open connections from within the
Session_component implemenation. So far only the cadence_gem driver
needs this, though.

Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
3c57a8b3c2 usb_session: pass Region_map explicitly
Issue #2280.
2017-02-28 12:59:17 +01:00
Norman Feske
652f92c9c9 init: 'unscoped_label' session-routing attribute
This patch enhances init with the ability to route individual
environment sessions. Prior this patch, environment sessions could be
routed only by an all-encompassing '<service>' node that would match
both child-initiated and environment sessions.

In contrast to the existing 'label', 'label_prefix', and 'label_suffix'
attributes of '<service>' nodes, which are always scoped with ther name
of the corresponding child, the 'unscoped_label' allows the definition
of routing rules for all session requests, including init's requests for
the child's environment sessions. For example, to route the ROM session
requests for a child's dynamic linker, the following route would match:

<route>
  <service name="ROM" unscoped_label="ld.lib.so"> ... </service>
</route>

Issue #2215
2017-02-27 15:37:49 +01:00
Norman Feske
19868de69a launcher: API transition (deprecated warnings)
Issue #1987
2017-02-27 15:37:49 +01:00
Norman Feske
455bd9396e gems/terminal: support 'CHARACTER' events
This patch adds the handling of 'CHARACTER' events as emitted by the
input-filter's character generator (<chargen>). To avoid interpreting
press/release events twice (at the input filter and by the terminal's
built-in scancode tracker), the terminal's scancode tracker can be
explicitly disabled via <config> <keyboard layout="none"/> </config>.
In the future, the terminal's built-in scancode tracker will be
removed.

The use of the terminal with the input filter is illustrated by the
'terminal_echo.run' script.

Issue #2264
2017-02-27 15:37:49 +01:00
Norman Feske
859d23d92b os: introduce Input::Event::CHARACTER type
Character events are created via a dedicated 'Event' constructor that
takes an 'Event:Utf8' object as argument. Internally, the character is
kept in the '_code' member. The 'Utf8' value can by retrieved by the
recipient via the new 'utf8' method.

Issue #2264
2017-02-23 15:03:29 +01:00
Christian Helmuth
61b6dccf13 Queued read/write/read_ready in VFS and servers 2017-02-23 15:03:28 +01:00
Christian Helmuth
b805e001db Add READ_READY support to file-system session
The read-ready packet informs the server that the client wants to be
notified if a handle becomes readable. When becoming readable, the
server acknowledges packet and the client may queue a read requests
accordingly.
2017-02-23 14:54:51 +01:00
Sebastian Sumpf
aa602032dd vfs: dynamic configuration support 2017-02-23 14:54:48 +01:00
Josef Söntgen
e6e85fce74 os: remove Server from nic/component
Issue #2275.
2017-02-23 14:54:44 +01:00
Christian Helmuth
f9389109bf Support select in libc VFS plugin by read_ready() 2017-02-07 11:12:29 +01:00
Norman Feske
f8349b5bc7 os/slave.h: Remove use of global allocator
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.

Fixes #2269
2017-02-07 11:12:28 +01:00
Christian Helmuth
c0d61858c3 Support for suspendable read in VFS and libC
The support has two parts. First, a VFS plugin now gets passed an
I/O-response handler callback on construction, which informs users of the
VFS that an I/O event occurred. This enables, for example, the libC to
check if blocking read can be completed. Further, the VFS file I/O
interface provides now functions for suspendable reads, i.e.,
queue_read() and complete_read().
2017-02-07 11:12:27 +01:00
Emery Hemingway
ded2f7e2d4 server/vfs: use Id_space to manage open nodes
Replacing the node lookup table with an Id_space removes the
limit on open handles per session and allows mutal associativity
between File_system handles and local VFS handles.

Fix #2221
2017-02-07 11:12:21 +01:00
Christian Helmuth
531e35ec42 Define Microseconds max value in timeout framework 2017-01-31 14:58:37 +01:00
Norman Feske
9fffb004b2 os/timer.h: disambiguate Timer::curr_time 2017-01-31 14:58:36 +01:00
Norman Feske
9adc6f1228 os: compile-time-defined parent-service registry
The new utility at 'os/static_parent_services.h' allows the creation of
a registry of parent services at compile time and thereby eliminates the need
for dynamic memory allocations whenever the set of services is known at
compile time as is the case for most uses of 'Slave::Policy'. The commit
showcases the utility in the bomb test.
2017-01-31 12:01:19 +01:00
Norman Feske
cd3a5852d6 Warn about the use of deprecated headers
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.

Issue #1987
2017-01-31 12:01:18 +01:00
Norman Feske
02d5efcf3f init: apply routing to environment sessions
The init component used to create the CPU/RAM/PD/ROM sessions (the child
environment) for its children by issuing session requests to its parent,
which is typically core. This policy was hard-wired. This patch enables
the routing of the environment sessions of the children of init
according to the configured routing policy.

Because there is no hard-wired policy regarding the environment sessions
anymore, routes to respective services must be explicitly declared in
the init configuration. For this reason, the patch adjusts several run
scripts in this respect.

This patch removes the outdated '<if-args>' special handling of session
labels. The '<if-args>' feature will eventually be removed completely
(ref #2250)

Issue #2197
Issue #2215
Issue #2233
Issue #2250
2017-01-31 12:01:11 +01:00
Norman Feske
c1e399025e os: let empty label prefix/suffix match
This patch changes the 'Xml_node_label_score' to regard an empty
label_prefix or label_suffix as a match instead of a conflict. Until
now, there was no use case for an empty label_prefix. But with init's
new ability to route environment sessions, an empty prefix denotes any
child-initiated session (as oposed to an parent-initiated environment
session).

Issue #2215
Issue #2233
2017-01-23 16:46:05 +01:00
Christian Prochaska
dbb641d44a terminal session: return number of bytes written
To better support non-blocking terminal components, let the
'Terminal::Session::write()' function return the number of bytes
actually written.

Fixes #2240
2017-01-20 16:46:59 +01:00
Christian Prochaska
201bfabdac os/include/file_system_session: API transition (fix 'deprecated' warnings)
...and adaptation of the users of 'File_system::Session_rpc_object' to the
modified interface.

Issue #1987
2017-01-20 16:46:58 +01:00
Christian Prochaska
344f6f9e53 os/include/block: API transition (fix 'deprecated' warnings)
...and adaptation of the users of 'Block::Driver', 'Block::Root' and
'Block::Session_component' to the modified interface.

Issue #1987
2017-01-20 16:46:57 +01:00
Christian Prochaska
9be07d2244 os/include/nic: API transition (fix 'deprecated' warnings)
...and adaptation of the users of 'Nic::Root' and 'Nic::Session_component'
to the modified interface.

Issue #1987
2017-01-20 16:46:56 +01:00
Norman Feske
28d497549c report_rom/clipboard: API transition
Issue #1987
2017-01-13 13:07:14 +01:00
Norman Feske
a7f40b24ca Warn about the use of deprecated env() function
This patch enables warnings if one of the deprecate functions that rely
in the implicit use of the global Genode::env() accessor are called.

For the time being, some places within the base framework continue
to rely on the global function while omitting the warning by calling
'env_deprecated' instead of 'env'.

Issue #1987
2017-01-13 13:07:13 +01:00
Emery Hemingway
ec6cff7ba8 label timer session requests
Ref #1752
Ref #2224
2017-01-13 13:07:12 +01:00
Norman Feske
5e75ac4f87 timeout: change timer resolution from 100 to 5 ms
Issue #2225
2017-01-13 13:07:12 +01:00
Emery Hemingway
f957fcdd98 use Attached_dataspace at audio streams
Ref #1987
2017-01-13 13:07:10 +01:00
Martin Stein
b33c35a003 sd_card: get rid of wait_for_irq
Most implementations use a Signal_handler now to acknowledge the packet
instead of waiting for the transfer completion. The exceptions to that are
the non-DMA implementations for RPI and PL180

Ref #2206
2017-01-13 13:07:06 +01:00
Martin Stein
8c1e2f0555 regulator: add missing inline and static constexpr
The exynos5/consts header defined global symbols. If included by
multiple compilation units, this lead to multiple-definition errors.

Ref #2206
2017-01-13 13:07:05 +01:00
Stefan Kalkowski
6775b4077d os: platform_drv (arm) API transition (ref #1987) 2017-01-13 13:07:03 +01:00
Norman Feske
fa1a105d64 init: API transition
Ref #1987
2017-01-13 13:07:02 +01:00
Emery Hemingway
9bae4823a0 os/packet_stream: avoid global env
Pass an explicit Region_map reference to stream constructors.

Issue #1987
Issue #2034
2017-01-13 13:07:02 +01:00
Norman Feske
e91170a49c app/cli_monitor: API transition
Besides updating CLI monitor to the new API, the patch removes
Fiasco.OC-specific extensions that remained unused for a long time.

Ref #1987
2017-01-13 13:07:00 +01:00
Josef Söntgen
d10a69c7bc os: pass Env on in Attached_mmio constructor
Issue #1987.
2017-01-13 13:06:55 +01:00
Martin Stein
8d521036fb IPv4: fix buggy ascii_to implementations
Ref #2193
2017-01-13 13:05:47 +01:00
Martin Stein
cd708b24db IPv4: treat 0.0.0.0/0 as valid IPv4 prefix
0.0.0.0/x is now only seen as invalid if x > 0.

Ref #2193
2017-01-13 13:05:46 +01:00
Christian Helmuth
f2568856dd Hide implementation details in timeout framework
Fixes #2205
2017-01-13 13:05:45 +01:00
Martin Stein
eef18e1ecd net: introduce and apply Net::Port type
Thereby fix bug in the NIC router that previously used uint8_t values for ports in
some places.

Ref #2193
2016-12-23 16:52:10 +01:00
Norman Feske
dda054aa27 os: fix null termination in fb connection 2016-12-14 11:22:28 +01:00
Norman Feske
25a7ea3d40 base: rename 'Volatile_object' to 'Reconstructible'
Fixes #2151
2016-12-01 17:46:50 +01:00
Martin Stein
7eabe482b6 Increase RAM quota for Nic::Connection
At least on foc_x86_64, nic_router refused to create sessions for the
test clients as the session object's size exceeds the old quota
donation.

Ref #2139
2016-11-30 13:38:06 +01:00
Martin Stein
89085096d2 nic_router: new user interface and optimizations
Fixes #2139
2016-11-30 13:38:05 +01:00
Martin Stein
4eea2a058d net: let Net_address and Ipv4_address be packed
Ref #2139
2016-11-30 13:38:05 +01:00