Commit Graph

602 Commits

Author SHA1 Message Date
Johannes Schlatow
c763890f04 trace_buffer: partition trace buffer
Split the trace buffer into two partitions in order to prevent overwriting
of entries when the consumer is too slow. See file comment in buffer.h.

genodelabs/genode#4434
2022-03-21 13:42:16 +01:00
Johannes Schlatow
edc46d15f8 trace_buffer: revise trace buffer implementation
This commit simplifies the current implementation by overloading the
length field with a padding indicator in addition to the zero-length
head entry. This simplifies the iteration semantics as it eliminates
the need for determining whether a zero-length entries is the actual
head of the buffer or a padding at the buffer end.

genodelabs/genode#4434
2022-03-09 12:08:02 +01:00
Stefan Kalkowski
8a4cbe3cc9 io_port_session: make default ram quota explicit
Ref genodelabs/genode#4436
2022-03-02 15:04:18 +01:00
Johannes Schlatow
e35837e14b trace_buffer: fix wrap condition
When committing a new entry, the buffer wrapped if the last entry fit
perfectly into the buffer. Otherwise, the length field of the next entry
was set to 0 to mark the new head. Yet, if there was still some padding but not
enough to hold the length field of another entry, we ended up with a
headless buffer.

genodelabs/genode#4430
2022-02-28 11:45:18 +01:00
Johannes Schlatow
91b6032a71 trace_buffer: eliminate race
Since the head of the buffer is marked by a zero-length entry, we must
only write the length field if a new head was set. Otherwise, the
consumer might already read the new entry and not find the new head as a stop
condition.

genodelabs/genode#4430
2022-02-28 11:45:18 +01:00
Johannes Schlatow
b57ccf3517 trace_buffer: fix wrap corner case
If the functor reading the first entry after wrap-around returned false,
the wrapping was not applied successfully.

genodelabs/genode#4430
2022-02-28 11:45:18 +01:00
Johannes Schlatow
44aefc8777 trace_buffer: fix out-of-bounds read
The calculation in next() actually checked whether the current entry
fitted into the buffer, not if another one fitted.

genodelabs/genode#4430
2022-02-28 11:45:18 +01:00
Norman Feske
c2efa5406e xml_node: support backslash as attribute value
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.

The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.

The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.

Fixes #4431
2022-02-21 15:44:22 +01:00
Norman Feske
33b038e8a7 Consistent spelling of "writeable"
Fixes #4425
2022-02-15 10:23:58 +01:00
Norman Feske
0d48b74bec Remove Dataspace::phys_addr RPC function
The official way to obtain DMA addresses for RAM dataspaces is
the RPC function 'Pd_session::dma_addr' now. User-level device drivers
should not call this function directly but use the 'Platform_session'
interface of the platform driver instead.

Fixes #2243
2022-02-15 10:23:58 +01:00
Norman Feske
50c2b0066f Remove 'Env::reinit' and 'Env::reinit_main_thread'
Fixes #4404
2022-02-15 10:17:28 +01:00
Norman Feske
e4f62380d7 base: Pd_session::dma_addr, Pd_session::attach_dma
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.

The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.

The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.

With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.

Issue #2243
2022-02-15 10:16:52 +01:00
Johannes Schlatow
db3a647c6d allocator_avl: use Attempt for size_at
Fixes ambiguous interpretation of returned 0.

genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Johannes Schlatow
5aa0fea29b base: pass lambdas by reference in util/attempt.h
genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Johannes Schlatow
b821776b0d base: add == operator to util/attempt.h
This simplifies testing for early return conditions for which the use of
lambdas would be quite noisy.

genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Stefan Kalkowski
c99ca21649 rpi: remove drivers for platform, fb and sd_card
Fix #4396
2022-02-15 10:16:51 +01:00
Johannes Schlatow
0bb2e61e9e Allow derived classes of Genode::Array
genodelabs/genode#4382
2022-02-15 10:10:01 +01:00
Christian Prochaska
8ced0f184e vfs: add 'with_xml_file_content()' and 'with_raw_file_content()'
Fixes #4372
2022-01-19 12:38:13 +01:00
Stefan Kalkowski
6bd7f167a4 hw: remove rpi1/3 board support
The code moved to https://github.com/skalk/genode-rpi

Ref #4363
2022-01-19 12:38:12 +01:00
Tomasz Gajewski
f79d5d640f hw: irq controller and timer improvements for Rpi
* renamed rpi pic to Bcm2835_pic
* renamed rpi3 pic to Bcm2837_pic
* added bcm2837 control for setting prescaler value (to fix timer_accuracy)
* changed handling of all interrupts for rpi3 by cascading to bcm2835 pic
* rpi3 irq controller base address made consistent with rpi
* added usb controller memory region for pic on rpi3 (for SOF interrupts)

Ref #3415
2022-01-19 12:38:12 +01:00
Christian Prochaska
8e252f79f8 Remove mutex from 'Genode::Trace_output'
Fixes #4356
2022-01-19 12:35:49 +01:00
Piotr Tworek
d610f9f4f1 Fix some signed/unsigned implicit conversions.
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.

Issue #4354
2022-01-19 12:35:48 +01:00
Piotr Tworek
27b798fa4f base: Make int to access_t conversion explicit.
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:

  #include <type_traits>
  #include <stdint.h>

  int test() {
      uint16_t a = 0xabcd;
      static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
      return 0;
  }

Changing uint16_t in the static_assert to int, will allow the code to
build.

Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.

Issue #4354
2022-01-19 12:35:48 +01:00
Norman Feske
3cc6df3116 base: tighten affinity handling
This patch improves the robustness of the CPU-affinity handling.

- The types in base/affinity.h received the accessors
  'Location::within(space)' and 'Affinity::valid', which alleviates
  the fiddling with coordinates when sanity checking the values,
  in init or core.

- The 'Affinity::Location::valid' method got removed because its
  meaning was too vague. For sanity checks of affinity configurations,
  the new 'within' method is approriate. In cases where only the x,y
  values are used for selecting a physical CPU (during thread creation),
  the validity check (width*height > 0) was not meaningful anyway.

- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
  as argument because a location always relates to the bounds of
  a specific space. This function now implements the selection of
  whole rows or columns, which has previously a feature of the
  sandbox library only.

- Whenever the sandbox library (init) encounters an invalid affinity
  configuration, it prints a warning message as a diagnostic aid.

- A new 'Affinity::unrestricted' function constructs an affinity that
  covers the whole affinity space. The named functions clarifies
  the meaning over the previous use of the default constructor.

- Core's CPU service denies session requests with an invalid
  affinity parameter. Previously, it would fall back to an
  unrestricted affinity.

Issue #4300
2021-12-17 15:06:38 +01:00
Norman Feske
d370f56a77 Remove obsolete Trace::Session::subject_info RPC
Issue #3610
Fixes #4349
2021-12-17 15:04:49 +01:00
Norman Feske
03047009b1 base: avoid implicit conversions
This patch is a prerequisite for compiling the code with
the warnings -Wconversion enabled.

Issue #23
2021-12-17 15:04:44 +01:00
Norman Feske
6d231597b4 allocator_avl.h: remove debug feature 2021-12-02 10:03:26 +01:00
Norman Feske
a0a1f6455a base/string.h: avoid fallthrough cases 2021-12-02 10:02:48 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00
Norman Feske
231ac187fe base: introduce Ram_allocator::try_alloc
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.

Issue #4322
Issue #3612
2021-11-29 15:10:53 +01:00
Norman Feske
959bcae557 base: add util/attempt.h utility
Fixes #4322
2021-11-29 15:10:52 +01:00
Norman Feske
4df7e6adde util/list_model.h: Add update_list_model_from_xml
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.

Issue #4317
2021-11-29 15:10:52 +01:00
Alexander Boettcher
533015b93e nova: support transfer of IA32_TSC_AUX MSR for vCPUs
The 32-bit MSR is returned by rdtscp in ecx register and used to detect
the CPU ID the timestamp was taken on.

Issue #4314
2021-11-29 15:10:52 +01:00
Stefan Kalkowski
b12b0ed93d imx8q_evk: remove board support from repository
Moved to separate repo at https://github.com/skalk/genode-imx/

Fix #4301
2021-11-29 15:10:51 +01:00
Johannes Schlatow
7917c5d9ec Remove zynq_qemu platform and zynq nic driver
Moved to separate repo at https://github.com/jschlatow/genode-zynq

Fixes genodelabs/genode#4280
2021-11-29 15:10:51 +01:00
Piotr Tworek
e748efacd8 reconstructible: Fix alignas specifier placement.
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:

reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
    char _space[sizeof(MT)] alignas(sizeof(addr_t));
                            ^
Issue #4298
2021-10-15 15:45:52 +02:00
Norman Feske
6f1d3862cd base: introduce Env::try_session
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.

By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.

Issue #3767
2021-10-14 11:02:12 +02:00
Martin Stein
ebd140cacb reconstructible: respect alignment of payload
If one has an object X that has a minimum alignment requirement specified
through 'alignas' this requirement is normally inherited by objects that have
object X as member, and by those that have objects as member that have X as
member, and so on... . However, this chain used to get silently interrupted
(dropping the minimum alignment requirement to 8 again) at objects that are
managed with Genode::Reconstructible or Genode::Constructible. In order to fix
this, the commit ensures that Genode::Reconstructible (and therefore also
Genode::Constructible) has at least the minimum alignment requirement (using
'alignas') as the object it manages.

Ref #4217
2021-10-13 13:59:57 +02:00
Johannes Schlatow
2b0bb6dda0 trace: comment x86 timestamp() implementations
Fixes genodelabs/genode#4243
2021-08-30 15:00:38 +02:00
Johannes Schlatow
88b3880c77 base: fix shift overflow error in Bitfield::mask()
Fixes genodelabs/genode#4249
2021-08-30 15:00:35 +02:00
Stefan Kalkowski
e7067050be base: extend cache maintainance functionality
Introduce two new cache maintainance functions:
* cache_clean_invalidate_data
* cache_invalidate_data
used to flush or invalidate data-cache lines.

Both functions are typically empty, accept for the ARM architecture.
The commit provides implementations for the base-hw kernel, and Fiasco.OC.

Fixes #4207
2021-06-25 11:43:41 +02:00
Stefan Kalkowski
6780cf0790 base: introduce array utility
Fixes #4170
2021-05-28 14:16:45 +02:00
Christian Helmuth
718f44ae5b Check max_len before dereferencing pointer in Cstring constructor
Fixes #4112
2021-05-10 11:17:20 +02:00
Christian Prochaska
9b854e1496 Prevent recursive 'memset()' calls with gcc 10
Fixes #4125
2021-05-05 11:35:31 +02:00
Christian Prochaska
190eafeaa6 base: handle 'unpack_string()' error in 'Arg::string()'
Fixes #4100
2021-05-05 11:21:43 +02:00
Norman Feske
468e7a825c base/cache.h: rename Cache_attribute to Cache
The short name is better because the type will become prominently
visible at the API.

Issue #2243
2021-04-20 12:10:31 +02:00
Norman Feske
f925fef17b base: Refine Range_allocator::alloc_aligned
This patch changes the 'alloc_aligned' interface as follows:

- The former 'from' and 'to' arguments are replaced by a single
  'range' argument.

- The distinction of the use cases of regular allocations vs.
  address-constrained allocations is now overed by a dedicated
  overload instead of relying on a default argument.

- The 'align' argument has been changed from 'int' to 'unsigned'
  to be better compatible with 'addr_t' and 'size_t'.

Fixes #4067
2021-04-20 12:03:04 +02:00
Norman Feske
99f4b3cd07 Debug macros for easy performance profiling
The debug macros 'GENODE_LOG_TSC' and 'GENODE_LOG_TSC_NAMED' allow for
the easy gathering of the TSC ticks consumed by the calling scope.

Fixes #4066
2021-04-20 12:03:03 +02:00
Norman Feske
49481dd3fb timer: restore semantics of periodic timeout 0
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.

This patch restores the original timer semantics by

- Documenting it in timer_session.h,

- Handling the case explicitly in the timer implementation, and

- Replacing the silent clamping of the unexpected value 0 passed
  to the timeout framework by a diagnostic error message.

Issue #3884
2021-04-20 12:03:03 +02:00
Norman Feske
dc8dd3396d base: move Xml_generator::Node::Node behind ABI
Fixes #4063
2021-04-20 12:03:03 +02:00
Christian Helmuth
219809ffed base: refactor VM/vCPU API
Issue #3554
2021-02-23 12:07:18 +01:00
Christian Prochaska
59459e60e7 libc: pthread TLS optimizations
Fixes #4024
2021-02-23 12:07:17 +01:00
Sebastian Sumpf
ccd9ba4161 riscv: move CPU header from base-hw to base
issue #4021
2021-02-23 12:07:16 +01:00
Sebastian Sumpf
fd0e6685fc riscv: Use Qemu and update to ISA v1.10
- remove Spike/BBL support in favour of Qemu (>=4.2.1)
- add 'riscv_qemu' board, remove 'spike' board'
- update to privileged ISA v1.10 (from v1.9.1)
- use direct system calls for privileged core threads (they call into
  the kernel and don't use mode changing system calls, i.e. 'ecall',
  semantics)
- use 'OpenSBI' semtantics for SBI calls (to machine mode) instead of
  BBL

issue #4012
2021-02-23 12:02:44 +01:00
Alexander Boettcher
18e282ab8a allocator_avl: avoid false dangling warnings
By first removing unused ranges, implicitly meta data allocations are freed
up. This leads to more unused slab blocks and freed up meta data allocations
in the avl tree.

Issue #4014
2021-02-23 12:02:44 +01:00
Alexander Boettcher
1e84b46c3f slab: add option to free empty blocks
explictly by a method

Issue #4014
2021-02-23 12:02:44 +01:00
Christian Helmuth
9f3c5d92b3 base: cleanup Noncopyable declarations/coding style 2021-02-23 11:51:57 +01:00
Piotr Tworek
80e8cf99e2 base: Make Genode::List clang friendly.
Clang is generally fine with Genode::List and compiles code using it
without emitting any warnings. There is however one exception. Clang
fails hard when building base-hw/src/core/kernel/object.cc.
This is due to a call to Genode::List::remove made from
Object_identity::invalidate function. The error message clang
produces is:

  list.h:96:33: error: 'Genode::List<Kernel::Object_identity_reference>::Element::_next'
  is not a member of class 'const Kernel::Object_identity'
                              _first = le->List::Element::_next;
                                           ~~~~~~~~~~~~~~~^

When we look at the declaration of the Kernel::Object class on which
the remove method is called. as expected it does inherit Genode::List:

using Object_identity_list
	= Genode::List<Kernel::Object_identity>;

class Kernel::Object : private Object_identity_list
{
...
}

Given the error message we see that List::Element should be resolved to
Genode::List<Kernel::Object_identity>::Element, and not
Genode::List<Kernel::Object_identity_reference>::Element. But how does
clang manage to figure out we're talking about Object_identity_refecence
list here? Well, I admit I don't know the exact steps it takes to arrive
at this conclusion, but it is not entirely wrong. If we take a look at
what Kernel::Object_identity is we'll see:

class Kernel::Object_identity
: public Object_identity_list::Element,
  public Kernel::Object_identity_reference_list
{
...
}

Where as one can guess Object_identity_reference_list is defined as:

using Object_identity_reference_list
	= Genode::List<Object_identity_reference>;

Long story short Kernel::Object has Genode::List of both Kernel::Object_identity
and Kernel::Object_identity_reference in its inheritance chain and clang
is not really sure to which of those the code refers to in
Genode::List::remove method by using List::Element::.

The fix for this is relatively simple, explicitly state the full type of
the base class the code intends to refer to. Replacing List::Element,
with List<LT>::Element makes the code buildable with both clang and GCC.

Fixes #3990
2021-01-25 13:58:10 +01:00
Christian Helmuth
6cfaac182a Remove Cpu_session::Native_cpu definition from API
This type can be a forward declaration in the public API because its
definition is required only in kernel-specific code.

Related to #3979
2021-01-25 13:58:09 +01:00
Norman Feske
f57519397b Remove Pd_session::Native_pd definition from API
This type can be a forward declaration in the public API because its
definition is required only in kernel-specific code.

Fixes #3979
2021-01-25 12:51:54 +01:00
Christian Helmuth
8bed4c1d54 base: support hexa-decimal values in ascii_to(long)
This aligns the behavior of ascii_to(long&) with the behavior of
unsigned integer types, e.g., when parsing XML nodes into signed long
variables.
2021-01-25 12:50:54 +01:00
Alexander Boettcher
c5de2acf57 vm_session(x86): support cstar register
Fixes #3964
2020-12-09 14:02:12 +01:00
Norman Feske
a0fb944721 Propagate session diag flag to core
This commit restores the diag feature for selecting diagnostic output of
services provided by core. This feature became unavailable with commit
"base: remove dependency from deprecated APIs", which hard-wired the
diag flag for core services to false.

To control this feature, three possible policies can be expressed in a
routing target of init's configuration:

* Forcing silence by specifying 'diag="no"'
* Enabling diagnostics by specifying 'diag="yes"'
* Forwarding the preference of the client by omitting the 'diag'
  attribute

Fixes #3962
2020-12-09 14:02:11 +01:00
Norman Feske
9b544787bd base: make Affinity::Space::location_of_index const 2020-11-27 09:19:09 +01:00
Alexander Boettcher
774b1f4277 base: remove Thread_deprecated
Fixes #3954
2020-11-27 09:19:08 +01:00
Piotr Tworek
c0309a634e base: Silence unused arg warning in rpc_server.h
The msg argument in Genode::Rpc_dispatcher::_read_arg is not used. GCC
does not care about this, but clang does and prints a warning regaring
this. Silence it by removing unused argument name.

fixup! base: Silence unused arg warning in rpc_server.h
2020-11-27 09:19:08 +01:00
Piotr Tworek
d4a3aa7eda base: explicit copy constructor for Rpc_in_buffer
According to the "rule of three" [1] and C++11 [2] Rpc_in_buffer needs
to have an explicit copy constructor since it also has user defined
copy assignment operator. Both clang and newer versions of GCC complain
about this.

[1] https://en.cppreference.com/w/cpp/language/rule_of_three
[2] https://www.ece.uvic.ca/~frodo/cppdraft/n4659/html/depr.impldec

Issue #3938
2020-11-23 12:02:58 +01:00
Stefan Kalkowski
40445d7011 base: extend vm_session API with native vcpu cap
To enable the interaction of a VMM with the kernel directly,
a hidden RPC gets introduced. It allows a kernel-specific
base-library implementation of the Vm_session::Client to request
a kernel-specific capability to address a VCPU, e.g., to
run/stop it.

Ref #3926
2020-11-23 12:02:58 +01:00
Christian Prochaska
798beab30e base: support process-local signal submission
Issue #3923
2020-11-23 12:02:53 +01:00
Christian Prochaska
50e0f3b977 base: don't throw exceptions in 'Signal_receiver::pending_signal()'
Issue #3922
2020-11-23 12:02:49 +01:00
Martin Stein
7feea78991 timeout: rework timeout framework
* get rid of alarm abstraction
* get rid of Timeout::Time type
* get rid of pointer arguments
* get rid of _discard_timeout indirection
* get rid of 65th bit in stored time values
* get rid of Timeout_scheduler interface
* get rid of uninitialized deadlines
* get rid of default arguments
* get rid of Timeout::_periodic
* get rid of Timeout::Raw
* use list abstraction
* only one interface for timeout handlers
* rework locking scheme to be smp safe
* move all method definitions to CC file
* name mutexes more accurate
* fix when & how to set time-source timeout
* fix deadlocks

Fixes #3884
2020-10-09 13:35:56 +02:00
Martin Stein
1b41d9db90 base: remove alarm library from base
Ref #3884
2020-10-09 13:33:36 +02:00
Alexander Boettcher
f0f8d0e0ca base: add affinity to session creation request
Fixes #3838
2020-09-17 10:13:21 +02:00
Piotr Tworek
8d790010bf Xml_generator: Remove unused member variable
This triggers a warning when building the code with clang.

Fixes #3868
2020-08-28 08:28:13 +02:00
Stefan Kalkowski
5f5ad41ad3 hw: unify irq enumeration for Raspberri Pi
By now, the enumeration of peripheral interrupts on Raspberry Pi 1 was
different in between base-hw kernel and Fiasco.OC. Therefore, hacks were
needed in every driver to request the correct interrupt number dependent
on the kernel. Before reproducing the same in the platform driver for rpi,
we can more easily use the same enumeration with base-hw.

Ref #3864
2020-08-25 11:50:12 +02:00
Stefan Kalkowski
06edc0d52b base: extend PD session with managing_system call
Introduce the managing_system privilege for components like the
platform_driver to allow it to call system management functionality
that is reserved by kernel or special firmware, e.g., ARM Trusted Firmware.

The former RAM resource configuration attribute `constrain_phys`,
which enabled to constrain the region of physical RAM to be used,
gets replaced by the new, broader managing_system configuration
attribute of a `start` node. It gets enforced by the sandbox library.

Ref #3816
2020-08-25 11:50:11 +02:00
Christian Prochaska
31397d67ae base: increase linker area size
Fixes #3856
2020-08-25 11:50:11 +02:00
Norman Feske
2437d759b6 Xml_node: remove deprecated methods
Issue #3755
2020-08-25 11:50:10 +02:00
Alexander Boettcher
c55a499009 base: remove delayed dispatch from Rpc_entrypoint
Fixes #3833
2020-08-25 11:42:36 +02:00
Alexander Boettcher
60106ac2c8 base: avoid deadlock and page fault
Fixes #3830
2020-08-25 11:42:29 +02:00
Alexander Boettcher
41380ff769 base: remove Cancelable_lock
- base/cancelable_lock.h becomes base/lock.h
- all members become private within base/lock.h
- solely Mutex and Blockade are friends to use base/lock.h

Fixes #3819
2020-07-30 08:49:23 +02:00
Alexander Boettcher
21e48a8e12 trace: extend for_each_subject_infos return value
Fixes #3811
2020-07-13 11:33:13 +02:00
Alexander Boettcher
f3efbe50bb base: remove deprecated cancel_blocking() support
for threads.

Fixes #3806
2020-07-13 11:33:12 +02:00
Stefan Kalkowski
b915b0adc4 Annotate irq session interface with RAM_QUOTA
Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
6e6b671a66 Annotate io_mem session interface with RAM_QUOTA
Ref #3299
2020-05-27 11:56:46 +02:00
Norman Feske
ab8ef5750d doc: tweaks for updated Genode Foundations book 2020-05-27 11:56:46 +02:00
Norman Feske
b078224753 Replace Genode::strncpy by Genode::copy_cstring
- Since Genode::strncpy is not 100% compatible with the POSIX
  strncpy function, better use a distinct name.

- Remove bogus return value from the function, easing the potential
  enforcement of mandatory return-value checks later.

Fixes #3752
2020-05-27 11:56:45 +02:00
Norman Feske
dd0c1575f5 Xml_node: mark deprecated methods
Fixes #3755
2020-05-18 10:16:14 +02:00
Norman Feske
48b2456845 util/token.h: fix possible out-of-bounds read
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.

Fixes #3756
2020-05-18 10:16:12 +02:00
Norman Feske
9d67f9fc8e Remove Allocator_guard
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.

The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.

The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.

Fixes #3750
2020-05-18 10:16:12 +02:00
Norman Feske
a9f0e47ea3 Remove return value of Log_session::write
Fixes #3749
2020-05-05 13:51:05 +02:00
Norman Feske
bbc21cf063 util/bit_array.h: remove use of memset and memcpy
This makes the code less dependent on functions considered unsafe.

Fixes #3748
2020-05-05 13:30:15 +02:00
Alexander Boettcher
1a94338389 trace: support to request subject infos batched
Optimize requesting the Subject_infos from O(n) to O(1) RPC call.

Issue #3610
2020-04-28 08:57:57 +02:00
Norman Feske
6f6340644b Hide binary_ready_hook_for_platform from public
The hook is meant to be internal to the framework. So better keep its
declaration in the framework-internal globals.h header.

Issue #3581
2020-04-24 14:37:47 +02:00
Norman Feske
b134867f31 Remove Rpc_entrypoint::Native_context
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.

Related to issue #3581
2020-04-21 16:50:37 +02:00
Stefan Kalkowski
0e49336b96 Retire Exynos 5 support (fix #3725) 2020-04-17 12:53:57 +02:00
Tomasz Gajewski
870d348d77 trace: redirect logs to trace based on policy
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.

Fixes #3714
2020-04-17 12:47:48 +02:00
Tomasz Gajewski
1d9a2dce94 trace: extend policy with log_output
Issue #3714
2020-04-17 12:47:19 +02:00
Norman Feske
6dfd268ef1 base/registry.h: remove misleading comment 2020-04-17 12:40:13 +02:00
Alexander Boettcher
3956530634 base: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00