A userland component that ports the Linux WireGuard kernel module (originally
from kernel version 5.14.21) and integrates it via a NIC session (public
network side) and an Uplink session (private network side). The
WireGuard-specific device configuration is done through the component
configuration. The port is done using lx_emul, lx_kit and the virt_linux
targets. The commit also adds 4 corresponding run scripts, of which 3 are fully
automated, of which 1 is added to the autopilot.
:Warning:
Although in principle functioning, the WireGuard port has not been exposed to a
sufficient amount of real-world testing, so far. Therefore, we strongly
recommend not to use it in any security-critical scenarios! There is no
guarantee that the port meets any of the security goals pursued by the
WireGuard protocol or other WireGuard implementations!
Ref #4397
Normally, the APIs listed in 'used_apis' files do not carry a version
but implicitly refer to the current version. This patch allows for
specifying a concrete version. This is a useful feature in the context
of the Goa tool.
By replacing the formerly hard-coded $(GENODE_DIR)/tool/depot/ by the
variable DEPOT_TOOL_DIR, the depot tools can be hosted outside the
Genode source tree, i.e., as part of the Goa tool.
Some devices do not answer connection attempts timely, which leads
amtterm to time out (after 60s). Using multiple attempts in 500 ms
intervals results in timely connection and complete boot logs.
Issue #4429
.SHELLFLAGS is extended by option pipefail to make pipes fail if any pipe
element fails. As .SHELLFLAGS is exported into sub-make instances it
must be unexported before calling third-party build systems recursively.
This is a follow-up fix for "mk/ld.mk: trigger kernel-dependent
ld.lib.so build", which alleviates the need to specify the KERNEL at the
build-system command line. Thanks to Piotr Tworek for reporting.
Issue #4320
This patch works around 'tar' erroring out when faced with an empty list
of files:
  tar: Cowardly refusing to create an empty archive
This can happen when using sculpt.run for a scenario with only a runtime
but no deploy or launcher configuration.
Issue #4369
With the kernel-specific build of the dynamic linker triggered
automatically at the build stage, the artificial build step at the
boot-dir stage can be skipped.
Issue #4320
The new function 'build_artifacts' returns a list of artifacts created
by the Genode build system. The list can be supplied as argument to
the 'build_boot_image' function.
Note that the list covers only program targets and shared libraries.
Other artifacts created as side effects of custom rules are not covered.
Fixes #4368
This patch prevents the run tool from issuing 'make' in the build
directory if no build targets are specified, which prompts the build
system to build everything.
If only versioned archives are supplied to a depot function like
'create_tar_from_depot_binaries', the depot/create tool is called
with zero arguments, resulting in a help message. The patch detects
this case and skips the call.
Since unifying the build directories across architectures, the special
case of the 'linux' platform is no longer needed. Linux can be targeted
from regular CPU-architecture-specific build directories via:
  KERNEL=linux BOARD=linux
Fixes #4366
This change keeps the version-controlled 'pubkey' and 'download' files
separate from files generated via depot/create or downloaded via
depot/download. So one can remove the entire depot/ directory without
interfering with git.
Furthermore, depot keys can now be hosted in supplemental repositories
independent from Genode's main repository.
Fixes #4364
This patch discharges the dependency of Makefile.in from Makefile.am
files whenever both files are present in a downloaded archive.
Being based on make, the trigger of running automake is based on the
timestamps for the extracted archive content. However, since we reset
the timestamps (via 'tar -m') at extraction time, no assumptions about
the timestamp relations between the extracted files can be made. In the
event automake is triggered, we are faced with the tool dependency from
a specific automake version on the host.
The patch enforces the unconditional use of the 'Makefile.in' version
supplied by the archive.
Fixes #4350
Always instantiating a network device with id `net0` removes the need to call
append_qemu_nic_args in run scripts unless we want to add forwarding
rules.
genodelabs/genode#4311
Allow specifying additional qemu arguments for externally supported boards
(e.g. zynq_qemu) by adding a `qemu_args` file in the board-property directory.
The syntax of the qemu_args file is as follows:
- Arguments can appear in a single line or in multiple lines as the
  lines will be appended (separated by a whitespace) to the global
  qemu_args variable.
- If the line is prepended with a `foobar:` expression, the arguments
  are only added if the foobar spec is present.
Note that a `-m` argument specified in the qemu_args file will
override the arguments provided by the run scripts.
genodelabs/genode#4311
First, the former implementation has only considered the pure numerical
variant of the -m argument. Yet, qemu also allows specifying the amount
of memory by `-m 1G`, `-m size=1G` and more.
Second, the default amount of memory for BOARD=pc was 512M (800M in case of okl4).
Since the depot_autopilot.run also required at least 768M on all
platforms it seems reasonable to take 800M as a default value for BOARD=pc and
thereby remove the special treatment of okl4.
genodelabs/genode#4311
Now that we have appropriate native drivers for them, add keyboard and
mouse devices to virt_qemu machine. Make sure qemu exposes those new
devices in modern, VirtIO 1.0 mode. At least qemu 5.1.0 still uses
pre 1.0 mode in default setup.
Issue #4282
The former encoding was UTF-8, which works quite well if LC_CTYPE is
ensured to be a UTF-8 codeset (e.g., en_US.UTF-8 or C.UTF-8). But, if
LC_CTYPE is set to C or latin1 for example, the Tcl regex library enters
an infinite loop because of unexpected characters used as markers
in the strings (e.g., SECTION SIGN U+00A7).
Therefore, the extract tool was converted to latin1 with the following
commands and now works for LC_CTYPE C and UTF-8 codesets.
  iconv -f utf-8 -t latin1 tool/dts/extract > /tmp/e
  cp /tmp/e tool/dts/extract
The NIC router used to ignore the IPv4 header fields "More fragments" and
"Fragment offset" completely. Therefore higher-level protocols of fragmented
IPv4 were interpreted wrong because each fragment was considered a
self-standing packet, expecting, for instance, UDP/TCP headers somewhere inside of
the UDP/TCP data field. Normally, such packets were dropped as soon as the
UDP/TCP checksum check failed because of the misinterpretation. However,
it was also possible for fragmented IPv4 to pass the router although normally
only partially.
IPv4 fragmentation support in the router would introduce some potential
security risks and is presumably not an easy endeavor. So, for now, we settled
on not supporting IPv4 fragmentation. With this commit, the router simply drops
all fragmented IPv4. This is reflected to the log for each fragment as "drop
packet (fragmented IPv4 not supported)" when 'verbose_packet_drop="yes"' is
configured.
The new test 'run/nic_router_ipv4_fragm' is an automated test for this
behavior. The test is added to the autopilot list.
Ref #4236
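The drop rule described in the commit message above, sketched as an added example (this is not code from the Genode NIC router): a packet counts as fragmented when "More fragments" is set or "Fragment offset" is non-zero, so first, middle and last fragments are all caught. The names `classify_ipv4`, `Verdict` and `make_header` are hypothetical, and the sample headers are constructed.

```cpp
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum class Verdict { FORWARD, DROP_FRAGMENTED, DROP_MALFORMED };

// RFC 791: header bytes 6..7 carry three flag bits (reserved, DF, MF)
// followed by the 13-bit fragment offset, counted in 8-byte units.
static constexpr uint16_t MF_FLAG     = 0x2000;
static constexpr uint16_t OFFSET_MASK = 0x1fff;

// Hypothetical classifier: decides before any UDP/TCP parsing happens.
Verdict classify_ipv4(uint8_t const *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return Verdict::DROP_MALFORMED;
    size_t const ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || ihl > len) return Verdict::DROP_MALFORMED;

    uint16_t const flags_off = uint16_t((pkt[6] << 8) | pkt[7]);

    // First fragment: MF=1, offset=0. Middle: MF=1, offset>0.
    // Last fragment: MF=0, offset>0. Checking MF alone would let the
    // last fragment through with payload bytes parsed as a header.
    if ((flags_off & MF_FLAG) || (flags_off & OFFSET_MASK))
        return Verdict::DROP_FRAGMENTED;
    return Verdict::FORWARD;
}

// Constructed sample: minimal 20-byte IPv4/UDP header with given flags/offset.
struct Sample { uint8_t bytes[20]; };

Sample make_header(uint16_t flags_off)
{
    Sample s {{ 0x45, 0, 0, 20, 0, 1,
                uint8_t(flags_off >> 8), uint8_t(flags_off & 0xff), 64, 17 }};
    return s;
}

int main()
{
    // DF only, first fragment, middle fragment, last fragment
    uint16_t const cases[] = { 0x4000, 0x2000, 0x20b9, 0x00b9 };
    for (uint16_t c : cases) {
        Sample s = make_header(c);
        bool const drop =
            classify_ipv4(s.bytes, sizeof(s.bytes)) == Verdict::DROP_FRAGMENTED;
        printf("flags/offset 0x%04x: %s\n", c,
               drop ? "drop packet (fragmented IPv4 not supported)" : "forward");
    }
}
```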
This patch lifts the limitation for 32-bit ARM platforms and makes the
parameter --load-fastboot-device optional. If only one device is
present, it can be omitted.
Fixes #4232
This patch replaces the enumeration of boards in the drivers_nic_pkg and
drivers_interactive_pkg functions by inferring the package names from
the [board] name. This eases the addition of driver packages in external
repositories.
Fixes #4221
The depot tool 'build_bin_archive' used to ask only whether CCACHE is empty or
not and, if it wasn't empty, the tool added 'CCACHE := yes' to the build.conf
of the temporary build dir. This caused the sub-build processes to use ccache
even when the top-level CCACHE variable was set to a bogus value.
Also adds documentation of the CCACHE variable to the help message of the
'build' and 'build_bin_archive' tools.
Ref #4212
This patch adjusts the 'extract_initcall_order' utility to the changed
initcall symbol syntax introduced in Linux by the following commit:
https://github.com/torvalds/linux/commit/a8cccdd9
It uses an additional sed step to strip away the kmod prefix,
__COUNTER__, and __LINE__ information so that the symbol names match
those of earlier kernel versions.
Issue #4188
This patch enables the tool/dde_linux/create_dummies tool to operate on
an out-of-tree build directory. The Linux source tree is determined by
examining the build directory's Makefile.
Issue #4188
The new tool `extract_initcall_order` generates a header file out of a
Linux kernel build, which provides a sorted array with the initcall function
names of the kernel build. The order states the order in which the initcalls
have to be called. It gets extracted out of the Linux kernel System.map.
Fixes #4172
The new tool `create_dummies` easily lists missing references,
while porting subsystems of the Linux kernel to Genode, e.g., device drivers.
Moreover it can automatically generate dummy implementations for functions
and global variables.
Fixes #4156
We used to export 'LC_COLLATE=C' for the environment of Genode tools. This was
meant to ensure that sorting is always done C-style and not dependent on the
user's locale settings. This is required, for instance, to ensure that the same
archive always yields the same hash.
However, 'export LC_COLLATE=C' is not sufficient. It can be overruled by an
'LC_ALL' setting in the user's environment. The manual of 'sort' recommends to
set 'LC_ALL=C' locally if you want reliable results and this is what this
commit does. Furthermore it removes the former 'export LC_COLLATE=C'
directives.
Note that I couldn't find a way to set 'LC_ALL' local to 'exec ... sort' in
TCL. This is why I set it global instead using TCL's 'env' array.
Note that the Make directive '$(sort ...)' and the TCL directive 'lsort',
unlike the Shell directive 'sort', are not affected by the user's locale
settings.
Fixes #4144
Download gmp, mpc and mpfr with the download script provided by the
gcc source tree and let the gcc build system handle the build of these
libraries with the correct compile options. This fixes build issues on
armhf Linux and removes the need to maintain mpc and mpfr ports in
the Genode tree.
Issue #4094
The 'gprbuild' version which is provided by Ubuntu 18.04 has a bug
which prevents it from building 'ali2dep' with gcc/gnat 10. With
this commit, a newer 'gprbuild' version is built from source.
Issue #4094
This patch adds support for running Genode/Linux on the AARCH64
architecture.
- The kernel-agnostic startup code (crt0) had to be extended to
  capture the initial stack pointer, which the Linux kernel uses
  to pass the process environment. This is in line with the
  existing startup code for x86_32 and x86_64.
- The link order of the host libraries linked to lx_hybrid
  programs had to be adjusted such that libgcc appears last
  because the other libraries depend on symbols provided by
  libgcc.
- When using AARCH64 Linux as host, one can execute run scripts
  via 'make run/<script> KERNEL=linux BOARD=linux' now.
Issue #4136
This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an errno EEXIST syscall error.
Issue genodelabs#4104
Until now, Genode's Linux system call bindings were based on original
Unix system calls that were later superseded by more flexible variants.
E.g., 'openat' is a modern version of 'open'. Even though Linux upholds
the compatibility with the original versions for existing architectures
like x86, the legacy syscalls are absent for the recently added AARCH64
architecture. A good overview of the system calls across the prominent
architectures can be found at
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
This patch updates Genode's syscall bindings to avoid legacy versions,
thereby easing the support for AARCH64. The used "modern" versions
were introduced back in Linux version 2 days. So we are fine to rely
on them.
The patch slightly changes the signature for lx_stat because this system
call is merely used to check for the existence of a file and its size.
The new name 'lx_stat_size' draws a closer connection to its use case.
That said, the stat syscall has not been updated to the modern statx
since statx is still a fairly recent addition.
Issue #4136
I created a test program which stresses the interplay between libc,
pthreads and vfs_pipe and may detect regressions.
The program starts a thread that spawns a bunch of workers, sends and
receives data to them through a pipe. When all data of a worker is
collected, the worker is finished (join()) and a new worker is started.
Both the number of bytes sent to the worker and the size of its
answer are random.
Issue #3967
- build debug version of core and bootstrap found under
_var/run/<runscript>.core_ (.bootstrap). This is a regression when
switching from object to archive library linkage of core.
fixes #4027
Instruct bender to enable Intel HWP on supported CPUs unconditionally
to gain more insight by using the feature most prominently in Sculpt.
Fixes #4040.
With this patch, the build directory's CCACHE configuration is applied
to the building of depot archives when using the --depot-auto-update
feature.
Note that this is effective only when resetting the hash files before
building so that each depot-auto-update results in the same-named
versions. Otherwise, the include paths (that include the version name as
part of the path) make cache hits impossible.
Issue #4004
This commit complements issue #4004 with support for the depot/create
tool. If CCACHE=1 is specified at the command line, the build directory
for building a binary archive is configured with 'CCACHE := yes'.