Commit Graph

822 Commits

Author SHA1 Message Date
Martin Stein
1336b0a751 mmio: upper-bounds checks
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).

That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.

Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.

The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.

The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.

Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.

Fix #4081
2024-02-26 08:59:07 +01:00
Norman Feske
87993a864c input/event.h: axis ids LX, LY, LT, RX, RY, and RT
The axis IDs correspond to 2x analog sticks with 2 axes and 2x triggers.
While being at it, the commit changes the Axis_id type to Axis::Id.

Fixes #3669
2024-02-26 08:31:03 +01:00
Christian Helmuth
4a2319a4d6 os: limit backtrace to stack of current thread
The frame-pointer-based backtrace does not work without enabling
-fno-omit-frame-pointer explicitly and in most cases leads to page
faults because non-pointer stack values are dereferenced during the
walk. The best we can do is to limit the backtrace walk to the stack of
the current thread to prevent page faults unrelated to the system state
without the use of the backtrace utility.

This commit introduces a printable Backtrace class usable in
Genode::log(), Genode::trace(), etc. The class is based on the new
function for_each_return_address(auto const &fn) that walks the stack in
its limits and calls fn() for each discovered return address on the
stack in the new os/include/os/backtrace.h. Archtecture-specific
stack-pointer retrieval and walk loops are implemented in dedicated
os/include/spec/<arch>/os/for_each_return_address.h files. Also, the
well-known Genode::backtrace() function (which logs the return-address
values) is provided for backwards compatibility.

Fixes #5078
2024-02-26 08:31:02 +01:00
Johannes Schlatow
350a3d9ae4 platform_session: increase RAM and CAP quota
As a consequence of the adding IOMMU support to the platform driver,
additional RAM and CAPs are needed for setting up IO page-table
structures.

genodelabs/genode#5002
2023-11-30 14:20:53 +01:00
Norman Feske
d7ee460704 list_model.h: rename 'apply_first' to 'with_first'
Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
0f686a774d list_model.h: retire 'update_list_model_from_xml'
This transition vehicle to the modern interface has now been replaced by
the new 'List_model::update_from_xml' method.

Issue #4317
2023-11-28 14:24:24 +01:00
Norman Feske
47ac55e9c5 decorator: use modern list-model interface
Issue #4317
2023-11-28 14:24:24 +01:00
Alice Domage
132e027c69 os/include/net: add support for the DNS protocol
Issue genodelabs/genode#5003
2023-11-28 14:24:23 +01:00
Norman Feske
458206b11a monitor: apply affinity to monitored children
Fixes #4996
2023-09-29 12:17:45 +02:00
Sebastian Sumpf
f9e70b0300 genode_c_api/event: add wheel events
issue #4958
2023-09-29 12:15:06 +02:00
Sebastian Sumpf
c5a55e5af4 genode_c_api/usb_client: API USB clients
Through this API C-code can connect to an USB service.

issue #4958
2023-09-29 12:15:06 +02:00
Sebastian Sumpf
f896fcfadb genode_c_api/usb: add ALT_SETTING and CONFIG
issue #4958
2023-09-29 12:15:06 +02:00
Christian Prochaska
7000fb8642 monitor: add more debugging features
Fixes #4977
2023-08-23 13:46:37 +02:00
Martin Stein
8bad3d08d7 util/formatted_output.h: hex-dump utility
Adds Genode::Hex_dump class to the formatted_output.h header. This class can be
used to print a hexadecimal dump of a byte range. The data is printed in a
format similar to that used by Linux's 'xxd'. In addition to the 'xxd' format,
consecutive duplicate lines are replaced with a single "*\n" as done also by
Linux's 'hexdump'.

Ref #4966
2023-08-21 08:12:01 +02:00
Norman Feske
4918035258 sandbox.h: supply Request::args to Local_service
This change allows a local service to interpret session arguments other
than the label.
2023-07-14 12:06:32 +02:00
Josef Söntgen
70c57a3be3 pci_decode: calculate 64bit BAR size
Issue #4949.
2023-07-14 12:06:32 +02:00
Christian Helmuth
98cbfa3561 genode_c_api: MAC address reporter utility
Issue #4918
2023-06-16 11:24:26 +02:00
Christian Helmuth
29b441c6fa net: const Network_address source buffer
Issue #4918
2023-06-16 11:24:26 +02:00
Norman Feske
6a57683e52 New debug monitor
The new monitor component at os/src/monitor is the designated successor
of the gdb_monitor. This initial version, however, implements only the
subset needed to inspect the memory of the monitored component(s).

In contrast to the gdb_monitor, the new component supports the monitoring
of multiple components, leveraging the sandbox API. It can therefore be
used as a drop-in replacement for the init component. Like the gdb_monitor,
the new monitor speaks the GDB protocol over Genode's terminal session.
But the protocol implementation does not re-use any gdbserver code,
sidestepping the complexities of POSIX.

There exist two run scripts illustrating the new component. The
os/run/monitor.run script exercises memory inspection via the 'm' command
by letting a test program monitor itself. The os/run/monitor_gdb.run
script allows for the interactive use of GDB to interact with monitored
components.

Issue #4917
2023-06-16 11:24:26 +02:00
Norman Feske
add6dbac4e sandbox: add Pd_intrinsics::start_initial_thread
This hook allows for intercepting the creation of initial threads
whenever a new child is started.

Issue #4917
2023-06-16 11:24:26 +02:00
Norman Feske
f2153f9b2f sandbox: allow for customized PD access
By default, the sandbox uses the Env::pd() as reference PD session of
the sandbox children.

However, to accomodate use cases where the interplay of the reference
PD session and the child's address space needs to be intercepted, this
patch adds a constructor that takes an interface for the controlled
access of PD intrinsics as argument.

Issue #4917
2023-06-16 11:24:26 +02:00
Norman Feske
250c16ddcf os/path.h: fix misleading comments
Issue #4708
2023-06-16 11:24:25 +02:00
Johannes Schlatow
cb0546aa9b os: increase platform_session quota 2023-05-30 12:03:32 +02:00
Christian Helmuth
97b015b8c7 virtio: fix MMIO build errors with -std=gnu++20
Issue #4827
2023-05-30 12:03:31 +02:00
Christian Prochaska
c4810c5db4 virtio_pci_nic: fix build errors with -std=gnu++20
Fixes #4888
2023-05-30 12:03:30 +02:00
Norman Feske
8e32e7a14e os: replace enum by static constexpr (C++20)
Fixes the build of the nic_router.

Issue #4869
2023-05-30 12:03:29 +02:00
Norman Feske
29079b2ac8 os: define CAP_QUOTA as constexpr (C++20)
Issue #4869
2023-05-30 12:03:29 +02:00
Norman Feske
604d6bf567 os: make nitpicker compatible to C++20
Avoid arithmetics on enum values, disambiguate '==' operator of
handle_registry.

Fixes #4875
2023-05-30 12:03:29 +02:00
Norman Feske
05e5ecca86 vfs: fix dangling allocation in dir_file_system
Issue #4855
2023-05-30 12:03:26 +02:00
Josef Söntgen
1d376717c1 net/netaddress: make copy member function const
As the function does not alter the internal state of the
object allow for using it in r/o contexts.

Issue #4813
2023-04-26 11:58:14 +02:00
Christian Helmuth
4b54520579 trace_buffer: fix check for empty buffer
Issue #4805
2023-04-17 14:48:30 +02:00
Christian Helmuth
7c84d73d67 Spend min. 4K on platform session upgrade for DMA buffer
Issue #4792
2023-04-17 14:48:24 +02:00
Christian Helmuth
3c45f5c7ab usb: support 32 in-flight packets
- move metadata specific to isochronous transfers from the descriptor
  into the content of USB-session packets
- restore support for 32 in-flight packets in the USB C API

Fixes #4749
2023-04-17 14:48:23 +02:00
Christian Helmuth
217d59ce68 usb: use buffer type in C API
Also, some reasonable sanity checks of client-passed parameters were
added and for-int loops replaced by for-range loops where applicable.

Issue #4749
2023-04-17 14:48:23 +02:00
Norman Feske
fd7001d020 os/vfs.h: don't truncate File_content
The 'File_content' utility throws an exception whenever a file happens
to get truncated during the reading process. But it silently truncates
the data against the specified limit. In practice, exceeding the limit
is usually an error case. This patch enhances the 'File_content' utility
by throwing 'Truncated_during_read' in the limit-exceeded case as well,
in order to ease the diagnosis of such cases.

Issue #4788
2023-03-15 17:05:35 +01:00
Norman Feske
36c00cc294 gems: remove use of format strings
Issue #2064
2023-03-13 14:32:52 +01:00
Norman Feske
9debad4e91 Remove format strings from connection types
Issue #2064
2023-03-13 14:32:37 +01:00
Stefan Kalkowski
adc594a7e6 os: remove conversion warnings/errors from virtio
The read_config and write_config functions in the generic virtio
headers used by all drivers lead to compiler warnings resp. errors
if effective-c++ switch is enabled. Moreover, the functions require
to define the access width as parameter. We can better turn them
into template functions using the value type to read resp. write to
derive the access width.

Ref genodelabs/genode#4344
2023-02-27 08:22:49 +01:00
Norman Feske
b0e52ba7d4 util/misc_math.h: remove abs function
Fixes #4766
2023-02-27 08:22:49 +01:00
Norman Feske
bdf47785b8 vfs: remove 'file_size' from read/write interfaces
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.

Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.

This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.

Issue #4706
2023-02-27 08:22:49 +01:00
Sebastian Sumpf
34b2a83b84 gpu_session: add notes to interface
Describe differences for Intel and Lima (Mali) based GPUs.

issue #4713
2023-02-27 08:22:48 +01:00
Sebastian Sumpf
f1bc791c22 gpu_session: rename Gpu::Virtual_address:va
rename 'va' into 'value' to stay consistent with other types.

issue #4713
2023-02-27 08:22:48 +01:00
Sebastian Sumpf
3260c86d15 gpu_session: VRAM interface
Change the abstraction from buffers to video RAM (VRAM). The notion of
buffers can be provided at the client side (e.g., Mesa) and multiple
buffers can be there be associated to one VRAM area, thus saving
resources (meta data overhead) when allocating many buffers. A VRAM area
can also be mapped to one single buffer as before for clients or drivers
that do not take advantage of this feature.

issue #4713
2023-02-27 08:22:48 +01:00
Norman Feske
61a7671de1 os/vfs.h: read loop in Readonly_file::read
This patch improves the Readonly_file::read method such that the
capacity of the specified buffer is used as upper bound for the read
operation instead of VFS-internal I/O buffer sizes. This relieves the
caller from implementing a read loop in most cases.

As a step away from C-ish use of the API, the patch deprecates the old
'read' method that takes the buffer as char *, size_t arguments.

Fixes #4745
2023-02-27 08:22:46 +01:00
Christian Helmuth
264ee999a1 acpi_event: generalize config for any key
Fixes #4748
2023-02-27 08:22:46 +01:00
Christian Helmuth
3403a91213 input: provide keycode-by-name lookup
The new utility returns a key code for a passed name and is implemented
by linear search, which is slow but sufficient in situations like config
updates.

Issue #4748
2023-02-27 08:22:45 +01:00
Martin Stein
eba22b7551 nic_router: rework updating of TCP/UDP links
* Update links from forward rules only with forward rules and links from
  transport-routing rules only with transport-routing rules. Besides raising
  the performance of the code, this also fixes a former bug that allowed
  forward-rule links to falsely stay active because of a transport-routing
  rule that matched the client destination ip and port.

* Don't use good-case exceptions for updating TCP/UDP links on re-configuration
  of the router.

* Make conditions when to dismiss a forward rule easier to read.
  * Introduces != operator to the public Port class in the net library.

* Fix unnecessary log message that a link was dismissed when only a potentially
  matching forward rule turned out to be not matching.

* Apply Genode coding style to if statements with a single body statement.

Fix #4728
2023-01-24 12:07:31 +01:00
Norman Feske
ddeaccf728 vfs: documentation of Vfs::Env::User
Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
25e4bcefbf vfs: remove 'Io_response_handler' interface
The old 'Io_response_handler::io_progress_response' interface has been
replaced by the 'Vfs::Env::User::wakeup_vfs_user' (issue #4697). The
remaining 'read_ready_response' method is now hosted in the
appropriately named 'Read_ready_response_handler'.

Issue #4706
2023-01-24 12:07:30 +01:00
Norman Feske
9a2c03d2c6 vfs: remove Read_result::READ_ERR_INTERRUPT
The error condition was too vague and thereby remained unused in
practice.

Issue #4706
2023-01-24 12:07:30 +01:00