Commit Graph

1075 Commits

Author SHA1 Message Date
Alexander Boettcher
a322fbf822 os: avoid warning in vfs server
[init -> depot_download -> dynamic -> fetchurl] Error: packet operation=3 failed

Issue #2672
2018-02-28 11:05:03 +01:00
Josef Söntgen
2e9a19d5b0 chroot: enforce writeable policy decision
The writeable decision given in the policy will always override the
decision made by the client.

Fixes #2643
2018-02-19 20:50:48 +01:00
Norman Feske
69ac68ca98 nit_fb: prevent enlarging mode when out of RAM
This patch adds a safety check to nit_fb to ensures that nit_fb never
runs out of RAM. Should the available RAM not suffice for resizing the
virtual framebuffer to a new mode, it keeps the current mode.
2018-02-15 10:22:10 +01:00
Alexander Boettcher
accc7e7521 fs servers: handle result propagation better
This patch removes the notion of partial writes from the file-system
servers. Since write operations are asynchronously submitted, they are
expected to succeed completely, except for I/O errors. I/O errors are
propagated with the write acknowledgement but those are usually handled
out of band at the client side. Partial writes must never occur because
they would go undetected by clients, which usually don't wait for the
completion of each single write operation.

Until now, most file-system servers returned the number of written bytes
in the acknowledgement packet. If a server managed to write a part of
the request only, it issued the acknowledgement immediately where it
should have cared about writing the remaining part first.

The patch detects such misbehaving server-side code. If partial writes
unexpectedly occur, it prints a message and leaves the corresponding
request unacknowdleged.

Issue #2672
2018-02-15 10:22:08 +01:00
Alexander Boettcher
f4e9c94bf2 vfs lib: complain about unsuccessful fs packets
Issue #2672
2018-02-15 10:22:08 +01:00
Alexander Boettcher
bfd24de4ad vfs: notify all blockers in fs adapter
if requested so ( by _post_signal_hook.arm(nullptr) )

Issue #2664
2018-02-14 20:41:10 +01:00
Alexander Boettcher
f05c4df36a vfs: handle submit_ready signal in fs adapter
to avoid starvation.

Issue #2664
2018-02-14 20:41:09 +01:00
Emery Hemingway
4a3fc21ada New watch handle mechanism for File_system session
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.

Test at run/fs_rom_update.

Ref #1934
2018-02-14 20:41:09 +01:00
Emery Hemingway
c7d0accac0 VFS: catch Out_of_ram and Out_of_cap exceptions
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.

Ref #2642
2018-02-14 20:41:07 +01:00
Norman Feske
cd7e3425ee nit_fb: allow screen-relative initial_width/height
This change enables the use of negative values for the 'initial_width'
and 'initial_height' attributes to specify values that are relative to
the screen size. This is consistent with the meaning of the 'width' and
'height' attributes.
2018-02-14 20:41:04 +01:00
Norman Feske
8aa1e349fc terminal session: propagate resize events
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
2018-02-14 20:41:03 +01:00
Martin Stein
abf9557bb5 AVL node/tree: make non-copyable
AVL trees can't be copied with the default copy constructor as the
parent pointer of the first item of both of the resulting trees would
point to the original tree. Copying an AVL node, however, generally
violates the integrity of the corresponding tree. The copy constructor
of Avl_tree is used in some places but in those places it can be
replaced easily. So, this commit deletes the copy constructor of
Avl_node_base which makes Avl_node and Avl_tree non-copyable.

Issue #2654
2018-02-09 13:34:23 +01:00
Martin Stein
4e9ff5ad7b trace_subject_reporter: fix missing include
Issue #2654
2018-02-09 13:34:23 +01:00
Stefan Kalkowski
7ba6297988 clipboard: handle focus at startup
Fixes #2667
2018-02-09 13:34:22 +01:00
Martin Stein
ccc67d6f68 trace_logger: convenient tracing frontend
The 'trace_logger' component can be used to easily gather, process and export
different types of tracing data. Which subjects to select is configurable via
session label policies and thread names. Which data to collect from the
selected subjects can be configured for each subject individually, for groups
of subjects, or for all subjects. The gathered data can be exported as log
output.

This is an example configuration of the 'trace_logger' component which shows
the default value for each attribute except the policy.thread and
policy.label:

! <config verbose="no"
!         session_ram="10M"
!         session_arg_buffer="4K"
!         session_parent_levels="0"
!         period_sec="5"
!         activity="no"
!         affinity="no"
!         default_policy="null"
!         default_buffer="4K">
!
!    <policy label="init -> timer" />
!    <policy label_suffix=" -> ram_fs" />
!    <policy label_prefix="init -> encryption -> "
!            thread="worker"
!            buffer="4K"
!            policy="null" />
! </config>

For more details see os/src/app/trace_logger/README.

Fixes #2654
2018-02-09 13:34:20 +01:00
Martin Stein
3e6d1b96e7 trace/policy/rpc_name: enable building again
Building this policy was disabled by a REQUIRES = riscv_toolchain_bugfix
to prevent compiler crashes on nightly test builds. Since the latest
RISCV toolchain update, test builds for RISCV crash at much more places
which makes this single work-around senseless.

Issue #2654
2018-02-09 13:34:20 +01:00
Martin Stein
ef1dee8bc6 init config.xsd: add ld_verbose attribute
Issue #2654
2018-02-09 13:34:19 +01:00
Alexander Boettcher
666f6c9ac4 ahci: enable pci config command memory access
Issue #2620
2018-02-09 13:34:18 +01:00
Alexander Boettcher
fcadbc9023 platform_drv: try enabling msi independent of gsi
value written in pci config space.

Issue #2620
2018-02-09 13:34:18 +01:00
Alexander Boettcher
336140c5f1 platform_drv: enable full access for pci bridges
Issue #2620
2018-02-09 13:34:18 +01:00
Norman Feske
cde8163770 os: make 'Buffered_xml' util publicly available
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
2018-02-09 13:34:17 +01:00
Norman Feske
faea43906f init test: conserve RAM in dummy app
This patch replaces the 'Heap' by a 'Sliced_heap' to avoid the
allocation of a 16 KiB memory block when 'dummy' acts as a server. On
seL4, such an allocation would exceed the 1M quota as assigned by the
init.run script.
2018-02-09 13:34:17 +01:00
Josef Söntgen
fe6f616cf1 nit_fb: add attribute for initial dimensions
The 'initial_width' and 'initial_height' attributes were added to
accomodate the use-case to set the initial dimensions whenever 'nit_fb'
is used in a dynamic fashion, e.g, in combination with a window manager.
These attributes may not be mixed with the 'width' and 'height'
attributes, which are mostly used when a static size configuration is
desired.
2018-02-09 13:34:16 +01:00
Martin Stein
6575df84c5 nic_router: fix use of outdated ARP-cache entries
When a NIC session is destructed at the router, we have to remove all ARP
cache entries that match the MAC address of that session. Otherwise the
outdated entries might be re-applied later, leading to wrong destination
MAC addresses in routed packets.

Fixes #2637
2018-02-09 13:34:16 +01:00
Norman Feske
e9b9f684ef os: reduce log noise by trace-info apps 2018-02-09 13:34:16 +01:00
Norman Feske
4619e2e84c init: new label_last attribute for session routes
Fixes #2647
2018-02-09 13:34:15 +01:00
Norman Feske
8fca8a9a04 nitpicker: refresh when focused client disappears
This fix handles the case where the focused domain loses its focus
because the currently focused client vanishes. In this case, the focus
will be undefined and the non-focused views of the domain become
tinted again. The refresh should take effect immediately as soon as the
client vanishes.
2018-02-09 13:34:13 +01:00
Norman Feske
e0e9b3b32e init: close all sessions of exited children
With this patch, init responds to the exit of a child by closing all
sessions of the child. E.g., if a child is a GUI application, its
nitpicker session is closed at the time of exit, not at the time when
the start node disappears from init's configuration.

Since this change requires a modification of the 'Genode::Child' class,
it takes the chance to make the child-destruction less brutal. The
new version ensures that all threads of the destructed subsystem are
destructed before other sessions, in particular PD sessions. This
eliminates spurious page-fault warnings during the child destruction.

On Fiasco.OC, closing the CPU session of a thread while being called by
the thread causes a deadlock. Hence, we skip the eager destruction of
CPU sessions on this kernel.

Related to issue #2659
2018-02-09 13:31:27 +01:00
Alexander Boettcher
df26dc07e9 trace_subject_reporter: adjust ram usage
to trace connection

Issue #2638
2018-02-09 13:26:02 +01:00
Alexander Boettcher
7c0894159f top: consider dead thread with execution time
which executed in the current measurement period but are now dead.
Keep the Entry object up to next period, where the recent_execution_time will
become 0 since it will not execute definitely.

Issue #2638
2018-02-09 13:26:02 +01:00
Alexander Boettcher
2a0f940bd7 top: adapt to ram usage of trace connection
Issue #2638
2018-02-09 13:26:02 +01:00
Martin Stein
1936667a53 test/xml_node: test Xml_node::decoded_content
Issue #2644
2018-02-09 13:26:01 +01:00
Josef Söntgen
fb1c504568 gpu: the Intel multiplexer is only for x86_64
Require x86_64 because memory/adress space limitations on x86_32
restrict the use-cases on such a platform anyway. Doing that,
we can also assume that memory adresses are always 64bit long and
do not have to handle 32bit adresses.
2018-01-17 12:14:43 +01:00
Martin Stein
8844c57254 net-stat: remove as it is not used and outdated
According to the creator of the net-stat lib, this lib was a mere debugging
tool that is not used anymore nor worth the work of updating the it to
modern Genode coding paradigms. Also, there exist no tests for the lib.
2018-01-17 12:14:42 +01:00
Martin Stein
f4a2d932e3 net: check packet data size in accessor
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).

Issue #465
2018-01-17 12:14:41 +01:00
Sebastian Sumpf
89a9e88a7e vfs: GNU long file name support for tar 2018-01-17 12:14:41 +01:00
Christian Helmuth
2b711f59ed nit_fb: fix resizing on framebuffer-mode change
Respect relative width/height configuration if the underlying
framebuffer dimensions change.
2018-01-17 12:14:40 +01:00
Norman Feske
95a2fc7167 os: component to reflect ROMs as reports 2018-01-17 12:14:37 +01:00
Norman Feske
eba9c15746 Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:

* A class with virtual functions can no longer publicly inherit base
  classed without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Issue #465
2018-01-17 12:14:35 +01:00
Martin Stein
226c4a475b nic_router: do not warn on sending to empty domain
The warning "no interface connected to domain" was introduced when only one NIC
session at a time could be connected to a domain. It should help to track
packet drops that were caused by startup timing issues between servers and
clients. However, a user should watch the "NIC sessions" value of a domain
(verbose_domain_state) instead when debugging packet loss. With support for
multiple sessions per domain, even a non-empty domain may still miss the
session that connects the desired server.

Fix #2629
2018-01-17 12:14:33 +01:00
Martin Stein
57bfd09328 nic_router: no memcpy on self-written packets
Previously, all packets that the router wanted to sent were first prepared to
their final state and then copied at once into the packet stream RAM. This is
fine for packets that the router only passes through with modifying merely
a few values. But for packets that the router writes from scratch on its own,
it is better to compose the packet directly in the packet stream RAM.

Fix #2626
2017-12-22 11:43:39 +01:00
Martin Stein
b6991f9c03 nic_router: send with individual composing functor
Normally, Interface::send always takes the base and size of the RAM region
where a packet was composed and copies this finished packet at once into the
packet stream RAM. But we want to be able to also compose packets directly in
the packet stream RAM, so that no memcpy is needed. Thus, Interface::send now
takes a functor that describes how to compose the packet, then allocates the
packet stream RAM and applies the functor to this RAM. there is also a version
of Interface::send that provides the old behavior but with the new back end.
This way, we stay backwards-compatible.

Issue #2626
2017-12-22 11:43:39 +01:00
Martin Stein
4c76a87fec nic_router: explanatory comment about link objects
Issue #2609
2017-12-22 11:43:39 +01:00
Martin Stein
b0e155d316 nic_router: fix available IP count in DHCP server 2017-12-21 15:01:55 +01:00
Martin Stein
d6d0bcd960 nic_router: no Arp_packet constructor when sending
When composing an ARP packet for sending, it's pointless to use the Arp_packet
constructor as the constructor only checks whether the packet is malformed.

Issue #2618
2017-12-21 15:01:55 +01:00
Martin Stein
1cae5ec8f6 nic_router: handle all "No_X_packet" exceptions
Issue #2618
2017-12-21 15:01:55 +01:00
Martin Stein
edf1f9d849 nic_router: report some useful information
The NIC router can now be configured to periodically send reports.
Configuration example (shows default values):

<config>
	<report interval_sec="5" bytes="yes" config="yes">
</config>

If the 'report' tag is not available, no reports are send.
The attributes of the 'report' tag:

'bytes'        : Boolean : Whether to report sent bytes and received bytes per
                           domain
'config'       : Boolean : Whether to report ipv4 interface and gateway per
                           domain
'interval_sec' : 1..3600 : Interval of sending reports in seconds

Issue #2614
2017-12-21 15:01:54 +01:00
Martin Stein
869297a672 nic_router: avoid "close" where we mean "dissolve"
In the context of link state objects we often used the term "close" were we
actually meant "dissolve". The term "close" originated from the TCP connection
state and is still used in TCP links in the correct manner.

Issue #2609
2017-12-21 15:01:54 +01:00
Martin Stein
859a5fd208 nic_router: simplify Interface::_new_link
Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
4927a6f679 nic_router: multiple interfaces at one domain
Act as hub for the interfaces at a domain. This also changes the roles of the
Domain and Interface classes. By now the Interface held the data structures for
the ARP cache, foreign ARP waiters, and the searchtrees for layer 3 links. All
these structures have moved to the Domain while the memory allocations and
lifetime management for the contents of these structures still come from from
the according Interface object. The mentioned data structures were also adapted
to fit the fact that they now may maintain objects of different interfaces.

Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
f524fb8e61 nic_router: support domain-local IPv4
If an IPv4 packet targets an IP local to the domain it comes from and doesn't
target the routers IP of that domain, forward it to all other interfaces of
the domain without considering any other routing.

Issue #2609
2017-12-21 15:01:53 +01:00
Martin Stein
b63d83e6a3 nic_router: get rid of Interface::print
Actually interfaces have no own human-readable identifier. They shall instead
use the print functionality of their domain.

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
0a77987778 nic_router: support domain-local ARP
Improve ARP handling code in general:
Make the several cases and their handling more clear by using a more
readable if/else statement structure. Drop gratuitous ARP requests.

Domain-local ARP:
Handle ARP packets that target local IPs other than the routers IP
(forward them to all other interfaces of the domain).

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
bfddad17a3 nic_router: avoid use of old term "IP allocation"
IP allocations were renamed DHCP allocations without fixing the according
places in log messages and comments. This commit rectifies this omission.

Issue #2609
2017-12-21 15:01:52 +01:00
Martin Stein
54532b99f9 nic_router: don't use color codes in log
Issue #2609
2017-12-21 15:01:51 +01:00
Emery Hemingway
ed89f2f7f0 Add millisecond accessor to Genode::Duration value object
Add a 'trunc_to_plain_ms' method to Gende::Duration to make
millisecond-accurate timing safer and more convenient.

Ref #2335
2017-12-21 15:01:51 +01:00
Josef Söntgen
6b89eaaf79 mixer: handle config verbosity update 2017-12-21 15:01:49 +01:00
Norman Feske
e23fc5a1fc init: refine verbosity handling
This patch makes service-announce messages depend on the configured
verbosity. It also omits "parent provides" title messages if no new
parent services are added during a config update.
2017-12-21 15:01:48 +01:00
Norman Feske
30f96657f1 rom_filter: make verbosity configurable 2017-12-21 15:01:48 +01:00
Norman Feske
48132c9ca3 fs_rom: remove debug message 2017-12-21 15:01:48 +01:00
Norman Feske
e4bb85b4de fs_rom: style (avoid Genode:: prefix) 2017-12-21 15:01:48 +01:00
Alexander Boettcher
892f51ab1c os: add app to transform kernel/core output to LOG
Issue #2207
2017-12-21 15:01:48 +01:00
Norman Feske
9f140ab843 chroot: adjust license header to AGPLv3 2017-12-21 15:01:46 +01:00
Emery Hemingway
4d9037d112 Hard-link loop detection for VFS tar file-system
Detect loops by walking hard-links at two different speeds and checking
for lapping. Tar link walking is no longer a recursive procedure.

Caught a loop created by GNU tar 1.29.

Fix #2611
2017-12-21 15:01:45 +01:00
Martin Stein
4dd69b1d5a nic_router: do not warn when using default values
Issue  #2590
2017-12-21 15:01:44 +01:00
Alexander Boettcher
c5f59ddfb1 signal.run: avoid deadlock during test destruction 2017-12-21 15:01:40 +01:00
Martin Stein
9c0bd03363 nic_router: no DHCP fail on unexpected DISCOVER
If a client decides to spontaneously send a DHCP DISCOVER again, even though
he has received a still valid IP config from the router, we don't want to
discard the DISCOVER like it was done before but discard the IP config
assignment and offer a new one.

Issue #2534
2017-12-21 15:01:38 +01:00
Martin Stein
70c5c31ec9 nic_router: better warnings on bad DHCP requests
Be more descriptive about why the NIC router thinks that a DHCP request
sent to him is bad.

Issue #2534
2017-12-21 15:01:38 +01:00
Sebastian Sumpf
8808b99cc5 vfs: remove session ram quota checks
The first client that creates a session, has to pay for possibly large
vfs plugin allocations (e.g., rump), which should be payed for by the
server.
2017-12-21 15:01:37 +01:00
Martin Stein
c3853494c8 nic_router: domain-state-verbose flag
When this flag is set in the config tag, the NIC router will print a
short information to the log for each general state change of a domain.
This includes currently the IP-configuration state and the number of
connected NIC sessions. This a useful addition as the normal verbose
flag's purpose is a very deep insight into almost every activity in the
router, which is cool for debugging sophisticated problems but normally
floods the log and therefore discards this option for, e.g., desktop
systems. In such systems, the new verbosity is pretty discreet but
already gives a good hint on why packets may get dropped by the router
although the routing rules are correct.

Issue #2534
2017-12-21 15:01:37 +01:00
Martin Stein
fc7999a62a nic_router: add config schema
Fix #2600
2017-12-21 15:01:37 +01:00
Martin Stein
b8d8bc3142 nic_router: do not route to domains w/o IP config
Ref #2534
2017-12-21 15:01:37 +01:00
Martin Stein
fb2398dbf2 run: target-specific config schemata
The run tool now by default checks configurations with target-specific
XML schemata. Each component may define a config schema file in its
target.mk via the CONFIG_XSD variable. When the run tool has checked an
configuration of an init instance, it additionally goes through the
start nodes of the config. For each start node it checks whether there
is an XSD file that matches. If so, the run tool also checks the config
of the start node (if existant). This is done recursively. I.e., also
the child configs of a sub-init of a sub-init of the top-level init
receive a config check.

Issue #2600
2017-12-21 15:01:36 +01:00
Martin Stein
3cdcb528ff nic_router: advanced timeout configuration
Replace former rtt_sec attribute of the <config> tag by more specific
(and still optional) attributes for timeouts used in the NIC router
(these are also the default values):

<config dhcp_discover_timeout_sec="10"
        dhcp_request_timeout_sec="10"
        dhcp_offer_timeout_sec="10"
        udp_idle_timeout_sec="30"
        tcp_idle_timeout_sec="600"
        tcp_max_segm_lifetime_sec="30">

Details about the new attributes can be found in the README of the router.

Issue #2590
2017-12-21 15:01:32 +01:00
Martin Stein
564e6a6885 nic_router: read seconds attributes generic
Issue #2590
2017-11-30 16:58:49 +01:00
Christian Prochaska
425d18e866 pointer: strip the last label element when matching labels
Issue #2585
2017-11-30 11:23:22 +01:00
Christian Prochaska
72dec21d8f pointer: fix visibility flag handling
Issue #2585
2017-11-30 11:23:22 +01:00
Christian Prochaska
dd98bd67a0 pointer: custom pointer shape support
Make the revised 'vbox_pointer' component the new 'pointer' component.

Fixes #2585
2017-11-30 11:23:22 +01:00
Christian Helmuth
f710e10206 fs_rom: log permission-denied errors 2017-11-30 11:23:21 +01:00
Christian Helmuth
1556300ea6 vfs: close directory handle in node destructor 2017-11-30 11:23:21 +01:00
Martin Stein
99ddaaa9d7 timer epit: fix multi-wraps and bug in rate limit
Multi-wraps
-----------

Previously, on every new timeout, we programmed registers LR=timeout and
CMP=0. The counter than counted from LR down to 0, triggered the IRQ,
jumped back to LR, and counted down again. If one installed small
timeouts (< 1000 us), it was likely that the counter wrapped multiple
times before we were able to read it out. Initially, this was not a big
issue as the additional wraps were simply ignored and the amount of time
lost through this was not big. But when we want to do correct rate
limitation, multiple wraps cause an overflow in the additional
calculations, and this has a big effect on the resulting time value.

Thus, we now program the counter to start from ~0 and count down to 0.
We set CMP=~0-timeout so that the timer still triggers the IRQ at the right
time. The counter continues counting down after the IRQ has triggered until
we install a new timeout. We do not consider anymore that the counter wraps.
The maximum timeout is set to half the maximum counter value, so, we should
be able to install a new timeout before the counter wraps.

Rate limit for time updates
---------------------------

In the time span between two interrupts we have to remember how many ticks
we have already added to the time value. This is because at each call of
curr_time we can only see how many ticks have passed since the last call of
schedule_timeout and not since the last call of curr_time. But we want to
limit the rate of time updates in curr_time. With the member for ticks that
were already added since the last call to schedule_timeout we can then
calculate how many are yet to be added.
2017-11-30 11:23:20 +01:00
Alexander Boettcher
057749a3a9 timeout.run: avoid variation caused by log message 2017-11-30 11:23:18 +01:00
Martin Stein
adfb1a77e2 timer/epit: remove unused code
* use correct/more modern types
* get rid of old code that was for the public use of the EPIT backend
* merge Epit_base into Time_source
2017-11-30 11:23:18 +01:00
Alexander Boettcher
c9bcce57e8 timer/epit: limit timeout rate
Limit rate to 1000 per second as it raises the throughput under stress
significantly without having an effect on the tested accuracy.

Issue #2579
2017-11-30 11:23:18 +01:00
Norman Feske
3ea960932e input_filter: support <include> in <remap> nodes 2017-11-30 11:23:15 +01:00
Norman Feske
e204b9532b rom_filter: allow use of input as attribute value 2017-11-30 11:23:15 +01:00
Norman Feske
f94f96c3ee nit_focus component that implements click-to-focus 2017-11-30 11:23:15 +01:00
Norman Feske
b05ad847b9 nitpicker: equip hover report with 'active' info
This patch supplements the existing 'hover' report with the information
whether or not the user has recently moved the pointer. This works
analogously to how the 'focus' report features the information about
recent button/keyboard activity.

Together, the 'hover' and 'focus' reports may be combined to observe
prolonged user inactivity, e.g. to activate a lock screen.
2017-11-30 11:23:14 +01:00
Norman Feske
544274feb9 nitpicker: respond to external focus policy
This patch enables nitpicker to use an external focus policy instead of
the traditional builtin click-to-focus policy. The external focus policy
is obtained from a 'focus' ROM. The focus ROM is expected to have a
'label' attribute with the value set to the label of the to-be focused
client.
2017-11-30 11:23:14 +01:00
Norman Feske
7ca56a62fd nitpicker: report last clicked-on client
The new report can be activated via the 'clicked' attribute of the
'<report>' configuration node.
2017-11-30 11:23:14 +01:00
Norman Feske
82e2900aa7 nitpicker: re-organize implementation
This patch revises the implementation of nitpicker in the following
respects:

- Split the implementation into smaller files,
- Consistently use the 'Nitpicker' namespace,
- Avoid the use of format strings,
- Retire old (and hackish) debug mode,
- Removal of unused timer connection,
- Merging 'Session' into 'Session_component',
- Merging 'Mode' into 'User_state',
- Adding the notions of 'View_owner' and 'Focus' as interfaces,
- Untangle 'User_state' and 'View_stack'
2017-11-30 11:23:14 +01:00
Alexander Boettcher
0a5dcc86ed platform_drv: separate acpi and system feature 2017-11-30 11:23:14 +01:00
Norman Feske
72f2ea349d init: forward RAM/cap quota session errors
This patch supplements init's service-forwarding mechanism to propagate
the insufficient RAM/cap quota conditions from the server to the client.
Without it, the client's session request stays pending infinitely.
2017-11-30 11:23:13 +01:00
Norman Feske
cda71e198f init: limit rate of periodic reports by 'delay_ms'
This is a follow-up patch to "init: periodic state updates if sensible".
In situations where the report rate is deliberately limited via the
'delay_ms' attribute while also reporting child-resource stats, we don't
want generate reports at a fixed rate of one second. This patch limits
the rate according to the 'delay_ms' value.
2017-11-30 11:23:12 +01:00
Norman Feske
d2c7cfa5fa input_filter: avoid closing input sessions
The input filter used to temporarily close all input sessions upon its
reconfiguration. In most cases, the same set of sessions is
re-established immediately afterwards. However, at the server (driver)
side, the closing of the session implicitly disables the input-event
queue. Hence events generated by the hardware while the session is
closed are dropped. This becomes a noticeable problem when using the
recently added <rom> modifier feature for handling capslock. The change
of the ROM always triggers the re-configuration of the input filter.
When pressing capslock and other keys at a high rate, press/release
events may get lost.

This patch solves this problem by maintaining all input sessions that
are defined in both the old and new configuration. It thereby removes
the short duration where the input event queues are temporarily disabled
at the drivers.
2017-11-30 11:23:12 +01:00
Christian Helmuth
12461291b8 Draw frame in framebuffer test
Issue #2555
2017-11-30 11:23:11 +01:00
Alexander Boettcher
5e4b523357 top: increase number of supported trace subjects
and print error if it may not be enough.
2017-11-30 11:23:10 +01:00
Sebastian Sumpf
9c852c750a vfs: handle root directory explicitly
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.

Fixes #2569
2017-11-30 11:23:10 +01:00
Christian Helmuth
66d5954fc5 Adapt stack size of threads in signal test
This fixes the warning "small stack of 3996 bytes [...] may break Linux
signal handling" on 32-bit base-linux.
2017-11-30 11:23:10 +01:00
Martin Stein
e87f63944f timeout: replace Duration operators by methods
void += (Microseconds) -> void add(Microseconds)
void += (Milliseconds) -> void add(Milliseconds)
bool < (Duration)      -> bool less_than(Duration)

Issue #2581
2017-11-30 11:23:09 +01:00
Martin Stein
26bcd439f7 timeout: fix bug in duration + duration testing
The += operator contained bugs. We now also do some tests on the Duration
type at the beginning of the timeout test.

Fixes #2581
2017-11-30 11:23:09 +01:00
Martin Stein
5d39acd3c3 timer: clamp one-shot timeouts to avoid overflow
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
f3dafbf5a6 nova: limit timeout rate in nova_timer_drv
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
59f97802a9 timer.run: provide more information if test fails
Issue #2579
2017-11-30 11:23:08 +01:00
Alexander Boettcher
80778b267d timer: read PIT timer solely after interrupt
Stop gap solution until #2579 gets resolved.
2017-11-30 11:23:08 +01:00
Alexander Boettcher
2ba5f8f4f3 timer framework: use Time_source::curr_time()
Issue #2579
2017-11-30 11:23:08 +01:00
Norman Feske
f2a5648deb ps2_drv: respond to dynamic reconfiguration 2017-11-30 11:23:07 +01:00
Christian Prochaska
41b3d3abc1 init: make 'Server' class usable by external components
Issue #2574
2017-11-30 11:23:05 +01:00
Josef Söntgen
adb00d329f rom_filter: copy input node content to output node
Add suppport for copying the content of an 'input' node to the 'output'
node.

Issue #2558.
2017-11-30 11:23:04 +01:00
Josef Söntgen
f9c2e0e21c lx_block: add file based Block driver for Linux
Issue #2558.
2017-11-30 11:23:04 +01:00
Emery Hemingway
de5c0603f1 platform_drv: account session capabilities with a Cap_quota_guard
The platform driver is a critical component and must not allow sessions
to deplete its own resource quotas.

Fix #2576
2017-11-30 11:23:04 +01:00
Emery Hemingway
ca0c86e7af Enforce cap quotas at VFS server, increase initial File_system cap donation
Check at the VFS server that the capability cost of sessions do not
exceed the session quota donation. Raise the default initial capability
donation for File_system connections.

Fix #2553
2017-11-30 11:23:02 +01:00
Alexander Boettcher
9672329772 fb_boot_drv: evaluate fb pitch
Fixes #2555
2017-11-24 09:02:04 +01:00
Martin Stein
411601ebd1 input_filter: add missing virtual Source::~Source
Previously the destructors of classes derived from Source were not
called when destructing a Source because Source missed the declaration
of a virtual destructor. This caused at least problems when
reconstructing a Chargen_source with its Chargen_repeater that includes
a One_shot_timeout. In this case, the members of the Alarm behind the
timeout were not reset and the next time beeing used the Alarm appeared
to be still active which wasn't true.

Fixes #2570
2017-11-24 09:02:03 +01:00
Norman Feske
26d4753a3c input_filter: accelerate relative motion events 2017-11-09 12:18:43 +01:00
Norman Feske
a6b29530e8 input_filter: scroll-wheel emulation
The new '<button-scroll>' filter generates artificial wheel events from
relative motion events when the user holds a magic button.
2017-11-09 12:18:42 +01:00
Norman Feske
7b4ef66d91 nitpicker: update focus report after reconfig
A new configuration may implicitly change the domain color of the
currently focused session. We need to refresh the report to trigger an
update of the status bar.
2017-11-09 12:18:42 +01:00
Norman Feske
27c9e5c6e8 os: generalize xray trigger component
This commit replaces the old xray_trigger component by a new component
called global_keys_handler. For details, please refer to the issue text
and the accompanied README file.

Fixes #2554
2017-11-09 12:18:42 +01:00
Emery Hemingway
97c5e21ed6 server/vfs: do not append '/' to directory paths
Fix #2544
2017-11-09 12:18:05 +01:00
Alexander Boettcher
c1493b2ed2 usb: avoid pagefault during session destruction
due to pointer to object allocated in context of the session object.

Fixes #2565
2017-11-09 12:18:05 +01:00
Alexander Boettcher
03ae78173b platform_drv: free up dataspaces on session close
Fixes #2564
2017-11-09 12:18:05 +01:00
Norman Feske
4eebd140b0 nitpicker: report current key state
Fixes #2552
2017-11-09 12:18:05 +01:00
Christian Prochaska
547cc06976 ram_fs: throw exception when unlinked node gets accessed
Fixes #2536
2017-11-09 12:18:05 +01:00
Josef Söntgen
eae0445cd8 init: generate a state report when children exit
Whenever a childs is terminated the exit value is propagate through a
new state report. Thereby it becomes possibly for a managing component
to react upon the terminating condition of a child.

Issue #2558.
2017-11-06 13:57:24 +01:00
Martin Stein
b2ea164c76 nic_router: fix bugs in DHCP client functionality
Ref #2560
2017-11-06 13:57:24 +01:00
Martin Stein
db6a2419f2 nic_dump: fix bug in packet log
Ref #2560
2017-11-06 13:57:24 +01:00
Martin Stein
9d84d8b3bd nic_router: rename and move Ip_allocation
Rename Ip_allocation Dhcp_allocation and move it to dhcp_server.* .

Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
127ceaccb5 nic_router: move Dhcp_server to extra header/unit
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
5e227f9ff1 nic_router: minor style fixes
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
db9d4d3a3c nic_router: DHCP client functionality
If the attribute 'interface' is not set in a 'domain' tag, the router tries to
dynamically receive and maintain an IP configuration for that domain by using
DHCP in the client role at all interfaces that connect to the domain. In the
DHCP discover phase, the router simply chooses the first DHCP offer that
arrives. So, no comparison of different DHCP offers is done. In the DHCP
request phase, the server is expected to provide an IP address, a gateway, a
subnet mask, and an IP lease time to the router. If anything substantial goes
wrong during a DHCP exchange, the router discards the outcome of the exchange
and goes back to the DHCP discover phase. At any time where there is no valid
IP configuration present at a domain, the domain does only act as DHCP client
and all other router functionality is disabled for the domain. A domain cannot
act as DHCP client and DHCP server at once. So, a 'domain' tag must either
have an 'interface' attribute or must not contain a 'dhcp-server' tag.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
3560555acc nic_router: encapsulate IPv4 peer config in class
An IPv4 config (for a domain/interface of the router) consists of
an IPv4 address, a subnet prefix specifier, an optional gateway
IPv4 address, and some flags that declare whether these fields and
the config as a whole are valid. To make the handling of those
tightly connected values easier and less error prone, we encapsulate
them in a new class.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
615878bb05 init: periodic state updates if sensible
Under certain circumstances we don't want inits state report to become too
outdated even if there is no change to its config or the sessions of its
children. This is the case if init is requested to provide a capability or RAM
info of it's children via its state report. Now, init automatically updates
the state report with each 1000 ms if the attribute 'child_caps' or
'child_ram' is positively set in the 'report' tag.
2017-11-06 13:57:21 +01:00
Norman Feske
189c5fa628 input_filter: improve capslock handling
Furthermore, the patch reduces the noise in the log produced by
false-positive error messages that are actually warnings.

Fixes #2548
2017-11-06 13:57:20 +01:00
Norman Feske
a0a7d5d165 ps2_drv: drive mode indicator LEDs
The new feature is demonstrated by the input.run script. It uses a
dynamic ROM service to toggle the keyboard LEDs at different intervals.

Fixes #2546
2017-11-06 13:57:20 +01:00
Christian Helmuth
73f1fa9a1f ahci: log vendor/device IDs as hex 2017-11-06 13:57:19 +01:00
Martin Stein
2eef27fca4 timer test: raise tolerance at max trigger count
Timing itself costs time. Thus, the stressfull timeout phase of the
test is not exactly as long as set but a little bit longer. This is why the
fast timeouts are able to trigger more often than they are expected to
(the timer has a static timeout-rate limit). Normally we consider this effect
through an error tolerance of 10%. But at least on foc x86_32 (PIT with very
low max timeout), timing is so expensive that 10% is not enough. We have to
raise it to 11%.
2017-11-06 13:57:19 +01:00
Norman Feske
3a350b65a3 init: handle Service_denied for forwarded sessions
This patch propages the 'Service_denied' condition of forwarded sessions
to the parent. Without it, the invalid session request stays pending
infinitely, which leads to the problem described in issue #2542. It
turns out that suggested solution given in the issue text is actually
not needed when applying this fix.

Fixes #2542
2017-11-06 13:57:18 +01:00
Norman Feske
1ccd9a2fdb rom_filter: expand target buffer on demand
The ROM filter did not handle the situation where the generated content
exceeds the size of the initially allocated dataspace for the target
buffer. This patch wraps the XML generation in a retry loop that
expands the buffer as needed.
2017-11-06 13:57:18 +01:00
Norman Feske
f3988a27d4 nit_fb: support 'origin' attribute
This patch makes the specification of screen coordinates more flexible.
First, the 'origin' attribute allows one to refer to either of the four
screen corners without knowing the screen size. Second, the 'width'
and 'height' values now accept negative values, which are relative to
the screen size.
2017-11-06 13:57:18 +01:00
Christian Prochaska
e4fa8e8fcf vfs server: remove special case of rootdir handles
With this patch, the VFS server returns distinguishable IDs when opening
the root directory multiple times.
2017-10-19 13:31:15 +02:00
Martin Stein
5f65791962 nic_router: bad-protocol message only if verbose
This was an error output-line for each affected packet previously but it
is pretty normal for the router to receive packets whose network layer
protocol it doesn't know . In the default case, these packets shall be
ignored silently.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
03144093b3 nic_router: do link garbage collect on each packet
Previously, garbage collect was only done when an incoming packet passed the
Ethernet checks. Now it is really done first when receiving a packet at an
interface.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
215937ff0f nic_router: handle ARP requests for foreign IPs
If the router has no gateway attribute for a domain (means that the router
itself is the gateway), and it gets an ARP request for a foreign IP, it shall
answer with its own IP.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
ee88d4d2d5 nic_router: use same packet log-format as nic_dump
Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
e5b9a6cc8b nic_router: rework round-trip-time handling
Do not use two times the RTT for the lifetime of links but use it as
it is configured to simplify the usage of the router. Internally, use
Microseconds/Duration type instead of plain integers.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
71bd9a1f10 nic_dump: configurable packet print
The nic_dump uses a wrapper for all supported protocols that
takes a packet and a verbosity configuration. The wrapper object can
than be used as argument for a Genode log function and prints the
packet's contents according to the given configuration. The
configuration is a distinct class to enable the reuse of one instance
for different packets.

There are currently 4 possible configurations for each protocol:
* NONE          (no output for this protocol)
* SHORT         (only the protocol name)
* COMPACT       (the most important information densely packed)
* COMPREHENSIVE (all header information of this protocol)

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
3f269b773d nic_dump: use Duration instead of unsigned
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
97b1a22a8a nic_dump: measure time only if needed
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
6b4b662357 nic_router: fix for unknown transport protocols
Do not stop routing if the transport layer protocol is unknown but
continue with trying IP routing instead. The latter was already
done when no transport routing could be applied but for unknown transport
protocols we caught the exception at the wrong place.

Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
642254134e timer test: rate limiting and no starvation
No starvation of timeout signals
--------------------------------

Add several timeouts < 1ms to the stress test and check that timeout
handling doesn't become significantly unfair (starvation) in this situation
where some timeouts trigger nmuch faster than they get handled.

Rate limiting for timeout handling in timer
-------------------------------------------

Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
df71e02ef6 alarm: fix bug in _setup_alarm
We did not set the correct now_period previously but it wasn't conspicuous
because the bug triggered not before a full period had passed which on most
platforms is a pretty long time.

Ref #2490
2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00
Emery Hemingway
a67d24e509 import chroot from world repository
Fix #2529
2017-10-05 17:40:04 +02:00
Sebastian Sumpf
754d1bd4a3 usb_report_filter: check device ds
Make sure we actually can report devices on USB driver device updates.

related to #2527
2017-10-05 17:40:04 +02:00
Norman Feske
86656517e3 nitpicker: reset background if backdrop vanishes
Fixes #3
2017-10-05 17:40:03 +02:00
Martin Stein
3f37a12e2d timer connection: fix mixing of time sources
We update the alarm-scheduler time with results of
Timer::Connection::curr_time when we schedule new timeouts but when
handling the signal from the Timer server we updated the alarm-scheduler
time with the result of Timer::Connection::elapsed_us.  Mixing times
like this could cause a non-monotone time value in the alarm scheduler.
The alarm scheduler then thought that the time value wrapped and
triggered all timeouts immediately. The problem was fixed by always
using Timer::Connection::curr_time as time source.

Ref #2490
2017-10-05 17:40:02 +02:00
Alexander Boettcher
1cc09ac786 platform_drv: transfer of quota to device_pd
Issue #2507
2017-10-05 17:40:00 +02:00
Sebastian Sumpf
ff800af820 ahci: make port enumeration independent from port count
fixes #2522
2017-10-05 17:40:00 +02:00
Norman Feske
d9d32847b1 xray_trigger: make initial state configurable 2017-10-05 17:39:57 +02:00
Martin Stein
d62c3117de run/timeout: test if maximum timeouts trigger bugs
Create periodic and one-shot timeouts with the maximum duration
to see if triggers any corner-case bugs. They must not trigger during
the test.

Ref #2490
2017-10-05 17:39:57 +02:00
Martin Stein
8fd914c6ab timeout: fix outdated time in alarm scheduler
If we add an absolute timeout to the back-end alarm-scheduler we must first
call 'handle' at the scheduler to update its internal time value.
Otherwise, it might happen that we add a timeout who's deadline is so big that
it normally belongs to the next time-counter period but the scheduler thinks
that it belongs to the current period as its time is older than the one used
to calculate the deadline.

Ref #2490
2017-10-05 17:39:56 +02:00
Martin Stein
2633ff8661 alarm: fix information loss due to int-cast
When we have two time values of an unsigned integer type and we create
the difference and want to know wether it is positive or negative within
the same value we loose at least one half of the value range for casting
to signed integers. This was the case in the alarm scheduler when
checking wether an alarm already triggered. Even worse, we casted from
'unsigned long' to 'signed int' which caused further loss on at least
x86_64. Thus, big timeouts like ~0UL falsely triggered directly.

Now, we use an extra boolean value to remember in which period of the
time counter we are and to which period of the time counter the deadline
of an alarm belongs. This boolean switches its value each time the time
counter wraps. This way, we can avoid any casting by checking wether the
current time is of the same period as the deadline of the alarm that we
inspect. If so, the alarm is pending if "current time >= alarm
deadline", otherwise it is pending if "current time < alarm deadline".

Ref #2490
2017-10-05 17:39:56 +02:00
Martin Stein
4fa0cb5c29 timer pit: handle and display bad latency
If the PIT timer driver gets activated too slow (e.g. because of a bad priority
configuration), it might miss counter wraps and would than produce sudden time
jumps. The driver now detects this problem dynamically, warns about it and
adapts the affected values to avoid time jumps.

Ref #2400
2017-10-05 17:39:55 +02:00
Emery Hemingway
488396e78b server/vfs: status completes or throw Invalid_handle
The 'status' RPC method of the File_system session must complete
successfully or throw 'Invalid_handle' for any error.

Ref #2512
2017-10-05 17:39:55 +02:00
Martin Stein
82c763fe75 nic_router: provide link state
The NIC router always reports the link state "Up" (true) because
the effective link state depends on the targeted remote interface
and thus on the individual routing for each packet. Consequently,
also the signal handler for state changes gets ignored.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
a1e32a3ad9 nic_router: use local but individual MAC addresses
IP stacks may treat a network interface as "down" when it states a MAC
address with the I/G bit (bit 40) set to "Group" (value 0) instead of
"Individual" (value 1). This was observed with a TinyCore 8 inside a
Virtualbox VM. Thus, the previously choosen 03:03:03:03:03:00 as base
for the MAC address allocator is bad. Now we use the 02:02:02:02:02:00
instead. This also ensures that the MAC addresses are not marked as
"Universal" but as "Local" (bit 41, value 1) which is correct in general
as the router allocates MAC addresses only for virtual networks.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
b531a862bb nic_dump: link state and mac address
The NIC dump component didn't support forwarding of link states and link-state
signals until now. Furthermore, it now prints MAC address and link state
on session creation and on every link state change.

Ref #2490
2017-08-30 10:01:36 +02:00
Martin Stein
84ad50b527 nic_dump: synchronize down/uplink creation
Previously, the uplink session was created on component startup while the
creation of the downlink session is timed by the client component. This
created a time span in which packets from the uplink were dropped at the
nic_dump. Now the uplink session-request is done by the session component
of the downlink.

Ref #2490
2017-08-30 10:01:35 +02:00
Alexander Boettcher
4c382d85b2 sel4: adjust cap ram quota of fault_detection.run 2017-08-30 10:00:01 +02:00
Martin Stein
12eb7a44d0 x86 timeout test: consider instable tsc (quickfix)
This is a quickfix to avoid testing microseconds precise time on older x86
machines that have no invariant TSC as interpolation source.

Ref #2400
2017-08-30 10:00:01 +02:00
Josef Söntgen
198019edca os: add Gpu driver for Intel Gen8 HD graphics
This commit introduces a experimental 3D driver for Intel Gen8 HD
graphics devices as well as the corresponding Gpu session.

Fixes #2507.
2017-08-30 09:59:57 +02:00
Alexander Boettcher
830f6934f9 base: add support to unconstrain virtual space
Issue #2507.
2017-08-30 09:59:57 +02:00
Emery Hemingway
1fce8d0d74 default ahci_drv and part_blk Block sessions to read-only
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.

Fix #2469
2017-08-28 16:49:51 +02:00
Martin Stein
d9073a1848 timer/util: generic TIMER_MIN_TICKS_PER_MS
Ref #2400
2017-08-28 16:49:50 +02:00
Martin Stein
399e1586be timer: generic timer_ticks_to_us implementation
There are hardware timers whose frequency can't be expressed as
ticks-per-microsecond integer-value because only a ticks-per-millisecond
integer-value is precise enough. We don't want to use expensive
floating-point values here but nonetheless want to translate from ticks
to time with microseconds precision. Thus, we split the input in two and
translate both parts separately. This way, we can raise precision by
shifting the values to their optimal bit position. Afterwards, the results
are shifted back and merged together again.

As this algorithm is not so trivial anymore and used by at least three
timer drivers (base-hw/x86_64, base-hw/cortex_a9, timer/pit), move it to a
generic header to avoid redundancy.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
652187b25e timer pit: fix precision reduction to milliseconds
Due to the simplicity of the algorithm that translated from timer ticks
to time, we lost microseconds precision although the timer allows for it.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
02bbb2efaf test/timeout: use elapsed_us instead of elapsed_ms
Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
22294d3b18 timer connection: fix division by null
When synchronizing with the remote time source, we have to take care that the
measured time difference cannot become null because its real value is smaller
than the measurement granularity. Since the granularity is one microsecond, we
simply go on polling timestamp and time until the microsecond has passed.
This busy waiting should be no problem for the system for two reasons. First,
it is limited to a relatively small amount of time and second, a busy lock
does not happen because the time source that is responsible for the limiting
factor is explicitely called on each poll.

Ref #2400
2017-08-28 16:49:49 +02:00
Johannes Kliemann
c509cabdba os: fix fb_boot_drv framebuffer padding
Fixes #2486
2017-08-28 16:49:45 +02:00
Christian Prochaska
b0935ef9b2 VFS: nonblocking interface
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.

For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.

The most important changes are:

- Directories are created and opened with the 'opendir()' function and the
  directory entries are read with the recently introduced 'queue_read()'
  and 'complete_read()' functions.

- Symbolic links are created and opened with the 'openlink()' function and
  the link target is read with the 'queue_read()' and 'complete_read()'
  functions and written with the 'write()' function.

- The 'write()' function does not wait for signals anymore. This can have
  the effect that data written by a VFS library user has not been
  processed by a file system server yet when the library user asks for the
  size of the file or closes it (both done with RPC functions at the file
  system server). For this reason, a user of the VFS library should
  request synchronization before calling 'stat()' or 'close()'. To make
  sure that a file system server has processed all write request packets
  which a client submitted before the synchronization request,
  synchronization is now requested at the file system server with a
  synchronization packet instead of an RPC function. Because of this
  change, the synchronization interface of the VFS library is now split
  into 'queue_sync()' and 'complete_sync()' functions.

Fixes #2399
2017-08-28 16:49:38 +02:00
Norman Feske
a4b543bc80 init: avoid repeated config XML parsing 2017-08-28 16:49:37 +02:00
Norman Feske
bfbe5128cd tar_rom: minor documentation fix 2017-08-28 16:49:37 +02:00
Norman Feske
6184a27619 init: defer forwarded session requests when needed
This patch changes init's service forwarding such that pending requests
are kept unanswered as long as the requested service is not present
(yet). In dynamic-init scenarios, this is needed in situtions where the
dynamic init is known to eventually provide the service but the internal
subsystem is not ready yet. Previously, a client that attempted to
request a session in this early phase would get a 'Service_denied'
exception. By deferring the forwarding in this situation, the behaviour
becomes deterministic.

If a matching '<service>' exists but there is no matching policy sub
node, the request is answered with 'Service_denied' - as expected.
2017-08-28 16:49:37 +02:00
Martin Stein
c0c0d8c600 nic_router: error if uplink domain not configured
Ref #2490
2017-08-28 16:49:36 +02:00
Martin Stein
96c7f8d53f init: be aware of abandoned any-child routes
Previously, init did not test if a service is abandoned on a new
configuration if the service was routed via an any-child route.

Fixes #2483
2017-08-28 16:49:35 +02:00
Martin Stein
b6efa7f6f9 timer connection: fast initial calibration
The calibration of the interpolation parameters was previously only done
periodically every 500 ms. Together with the fact that the parameters
had to be stable for at least 3 calibration steps to enable
interpolation, it took at least 1.5 seconds after establishing a
connection to get microseconds-precise time values.

This is a problem for some drivers that directly start to poll time.
Thus, the timer connection now does a calibration burst as soon as it
switches to the modern mode (the mode with microseconds precision).
During this phase it does several (currently 9) calibration steps
without a delay inbetween. It is assumed that this is fast enough to not
get interrupted by scheduling. Thus, despite being small, the measured
values should be very stable which is why the burst should in most cases
be sufficient to get the interpolation initialized.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Alexander Boettcher
69e71147ef platform_drv: replace nova specific device_pd
by using generic Pd_session::map instead for eager memory mappings of DMA
memory.

Issue #2209
2017-08-18 10:24:47 +02:00
Emery Hemingway
5f35175644 app/sequence: execute components in sequence
Fix #2476
2017-08-18 10:24:46 +02:00
Emery Hemingway
ad6c94bb09 input_filter character mapping rules for the Workman layout
http://workmanlayout.org/

Fix #2473
2017-08-17 11:04:23 +02:00
Emery Hemingway
2deddf1e6d Check for symlink target length errors
Check for symlink length errors at the VFS library and the ram_fs and
vfs servers.

Fix #2462
2017-08-17 11:04:21 +02:00
Emery Hemingway
cfdac3f4c3 ram_fs: check symlink writes for termination bytes
Ref #2461
2017-08-17 11:04:21 +02:00