Commit Graph

6437 Commits

Author SHA1 Message Date
Stefan Thöni
78497c03ca base-linux: enabled seccomp
base-linux uses seccomp to reduce the available system calls
to the minimum set needed to run base-linux. There are still
some syscalls that allow accessing global state which should
be further reduced.

The combination of seccomp and socket descriptor caps should
provide an intermediate level of security for base-linux
thereby enabling base-linux as a migration path from using
the Linux kernel to the use of microkernel-based Genode.

Fixes #3581
2020-05-27 11:56:46 +02:00
Alexander Boettcher
f80b4b9fd9 vm_stress.run: update numbers
due to script changes to stabilize/minimize variants in runs

Issue #3683
2020-05-27 11:56:46 +02:00
Pirmin Duss
7f6b6d7e13 core-linux: make RAM quota configurable
Add the option to configure the RAM quota for core on base-linux.
The environment variable GENODE_RAM_QUOTA if it exists is interpreted
as number of bytes to provide to the first init.

Issue #3762
2020-05-27 11:56:46 +02:00
Pirmin Duss
51104454aa depot_deploy: copy all attributes of <report> node
This allows the configuration of all report attributes of the <report>
node for the sub init instead of only `delay_ms`.

Issue #3760
2020-05-27 11:56:46 +02:00
Christian Prochaska
2f47bbde30 qt5: use VFS pipe plugin
Fixes #3759
2020-05-27 11:56:46 +02:00
Norman Feske
b078224753 Replace Genode::strncpy by Genode::copy_cstring
- Since Genode::strncpy is not 100% compatible with the POSIX
  strncpy function, better use a distinct name.

- Remove bogus return value from the function, easing the potential
  enforcement of mandatory return-value checks later.

Fixes #3752
2020-05-27 11:56:45 +02:00
Norman Feske
0f27d139bd depot: update recipe hashes 2020-05-18 10:16:59 +02:00
Norman Feske
77a875735a fs_query.run: adjust quota for seL4 2020-05-18 10:16:15 +02:00
Christian Helmuth
32753c3f69 Use HTTPS in fetchurl test
HTTPS is standard today and HTTP the exception.
2020-05-18 10:16:15 +02:00
Christian Helmuth
7d2eb71094 openssl: update to current version 1.0.2u 2020-05-18 10:16:15 +02:00
Norman Feske
0de54cddaa gdb_monitor: hide exceptions during create_thread
This patch is a workaround for the missing implementation of
'Pd_session::transfer_quota' interface by the GDB monitor's PD service.
The missing implementation becomes problematic with the changes of #3750
that enabled the cap-quota accounting for core's CPU service.

In regular scenarios without the GDB monitor, the client of
'Cpu_session::create_thread' deals with Out_of_caps or Out_of_ram by
upgrading the CPU session's cap and RAM quotas. This, in turn, results
in a sequence of 'transfer_quota' operations at the parent.

Since GDB monitor implements a custom PD service, these 'transfer_quota'
calls try to transfer quota between sessions provided by core and those
provided by the GDB monitor. This does of course not work. To fix this
issue, the GDB monitor needs a major overhaul. This patch side-steps
the problem by handing Out_of_caps and Out_of_ram from the debuging
target.
2020-05-18 10:16:15 +02:00
Norman Feske
4002653334 qt5: fix audio driver support on Linux
The lx_hybrid audio driver must be started with the 'ld="no"' argument.
2020-05-18 10:16:15 +02:00
Emery Hemingway
adb48b5c9e Libc: MSG_PEEK support
As discovered by Johannes Kliemann, peeking at buffered socket data
using 'recv' and 'MSG_PEEK' is not supported. Read a "peek" control file
from the socket directory to attempt to peek into buffers at the
socket_fs. Support for every feature of POSIX sockets cannot be
expected, but this one is trivial to implement.

Fix #2875
2020-05-18 10:16:15 +02:00
Emery Hemingway
7f928a6573 LxIP "peek" file
Add a control file for peeking at socket buffers.

Ref #2875
2020-05-18 10:16:15 +02:00
Josef Söntgen
f1427fc02a dde_bsd: remove configration attributes
The driver always opens the audio device in duplex mode, i.e.,
playback and recording. Setting the 'playback' or 'recording' attribute
only influnces the service announcement. Due to changes made in a more
recent OpenBSD release recording must be set enabled explicitly anyway.
Since we already provide the interface that mirrors the one used by
OpenBSD 1:1 in the configuration use that and the remove the additional
config attributes.

Fixes #3757.
2020-05-18 10:16:14 +02:00
Josef Söntgen
8ce798abed dde_bsd: document audio driver configuration
So far the configuration was only document in the commit message that
introduce the change.

Issue #3757.
2020-05-18 10:16:14 +02:00
Norman Feske
dd0c1575f5 Xml_node: mark deprecated methods
Fixes #3755
2020-05-18 10:16:14 +02:00
Norman Feske
4b9c1d8f2b solo5: tolerate use of deprecated Xml_node API
This patch is an interim fix to allow building solo5 despite of the use
of deprecated parts of the Xml_node API.

Issue #3755
2020-05-18 10:16:14 +02:00
Norman Feske
be65c4acd2 Avoid use of deprecated Xml_node methods
Issue #3755
2020-05-18 10:16:14 +02:00
Norman Feske
d22b95ded3 test-fs_rom_update_ram: increase timeout for foc
The timeout triggered on foc/x86_32 in Qemu.
2020-05-18 10:16:13 +02:00
Christian Helmuth
c11d9b7b5c Remove false API dependencies from libc/posix components
Fixes #3720
2020-05-18 10:16:13 +02:00
Christian Helmuth
42fddf8390 Cleanup shared-object support mechanics
The former ldso-startup static library (now called ldso_so_support) is
used to spice each shared object/library with local support code for the
dynamic linker (execution of static constructors and ARM-EABI).
Therefore, the library must be statically linked to each dynamic
library.

As a result recipes for dynamic libraries must always depend on the "so"
API, which makes ldso_so_support.mk and so_support.c available
independent of "base". Additionally, ldso_so_support is also provided in
the libc API to cut the dependency early for libc/posix libraries.

Issue #3720
2020-05-18 10:16:13 +02:00
Christian Helmuth
589b416ca8 Remove misleading "pipe" utility and test
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
2020-05-18 10:16:13 +02:00
Christian Helmuth
4738d77c88 libc: fix CC_C_OPT in libm 2020-05-18 10:16:13 +02:00
Norman Feske
64bc008c3a core: fix inconsistent state after failed 'trace'
This patch fixes the handling of the corner case where the allocation of
a trace buffer throws 'Out_of_caps' or 'Out_of_ram'. Under this
circumstance, the '_buffer' would still be flagged with the 'size',
which prevented any subsequent allocation attempt. This patch fixes the
problem by initializing the 'size' after the potentially throwing
allocation.

The problem triggered with the test-trace_logger after the accounting of
core's TRACE service (replacing the 'Allocator_guard' by
'Constrained_ram_allocator') became more accurate.

Related to issue #3750
2020-05-18 10:16:13 +02:00
Christian Helmuth
236e02a2dd linux: remove initramfs from base-linux src archive 2020-05-18 10:16:13 +02:00
Norman Feske
cb5b688eb9 Remove <configfile> feature from init
Fixes #3753
2020-05-18 10:16:13 +02:00
Norman Feske
c39a342fe5 Remove use of <configfile> feature of init
Issue #3753
2020-05-18 10:16:13 +02:00
Norman Feske
07502ce6bb Remove Python2
Fixes #3751
2020-05-18 10:16:13 +02:00
Norman Feske
48b2456845 util/token.h: fix possible out-of-bounds read
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.

Fixes #3756
2020-05-18 10:16:12 +02:00
Christian Helmuth
894c7411e7 Remove obsolete vmm_utils test 2020-05-18 10:16:12 +02:00
Sebastian Sumpf
ea78d85d35 ahci: SYNC with empty NCQ queue only
Fixes #3746
2020-05-18 10:16:12 +02:00
Norman Feske
04aeaa25e5 Remove dead code 2020-05-18 10:16:12 +02:00
Norman Feske
9d67f9fc8e Remove Allocator_guard
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.

The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.

The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.

Fixes #3750
2020-05-18 10:16:12 +02:00
Christian Prochaska
1cc7277996 qt5: don't build webkit-related libraries for arm_v8a
Fixes #3747
2020-05-05 13:53:09 +02:00
Norman Feske
a9f0e47ea3 Remove return value of Log_session::write
Fixes #3749
2020-05-05 13:51:05 +02:00
Norman Feske
bbc21cf063 util/bit_array.h: remove use of memset and memcpy
This makes the code less dependent on functions considered unsafe.

Fixes #3748
2020-05-05 13:30:15 +02:00
Christian Helmuth
f722aa3325 os: src recipe for lx_fs 2020-05-04 15:59:29 +02:00
Norman Feske
eb0a33302a libc: strip trailing '/' for directory operations
Fixes #2686
2020-05-04 15:28:47 +02:00
Christian Prochaska
151828752c vfs: handle read error in fs file system
Issue #3742
2020-04-28 11:43:12 +02:00
Christian Prochaska
6a8fb48c13 vfs server: keep ack packet intact on failure
Issue #3742
2020-04-28 11:42:52 +02:00
Christian Prochaska
07b87f6f1f pthread: initialize static condition variables
Fixes #3741
2020-04-28 11:42:16 +02:00
Christian Prochaska
905b0c4aef libc: remove log2.patch
Fixes #3740
2020-04-28 11:41:38 +02:00
Christian Prochaska
6505ce47ae libc vfs plugin: report non-zero link count in 'stat()'
Fixes #3739
2020-04-28 11:40:58 +02:00
Christian Prochaska
31d7b3eb97 vfs_lwip: guard 'blocked_handles' Fifo
Fixes #3738
2020-04-28 11:37:56 +02:00
Alexander Boettcher
80d89c20fd top: use batched subject_infos of trace session
Issue #3610
2020-04-28 08:58:03 +02:00
Alexander Boettcher
1a94338389 trace: support to request subject infos batched
Optimize requesting the Subject_infos from O(n) to O(1) RPC call.

Issue #3610
2020-04-28 08:57:57 +02:00
Norman Feske
dd899fde29 depot: update recipe hashes 2020-04-24 14:37:57 +02:00
Norman Feske
1bf796d69a Remove Rust support
Fixes #3488
2020-04-24 14:37:57 +02:00
Norman Feske
c12d76686e Move OpenVPN to genode-world repository
Fixes #3737
2020-04-24 14:37:57 +02:00
Stefan Kalkowski
199821a247 os: re-enable drivers_interactive for i.MX53
* Fix IPU hardware structure layout
* Turn Signal_handler into Io_signal_handler
* Eliminate the faulty msleep in I2C initalization sequence
* Fix routes and resources for tablet board (i.MX53 SMD)

Fix #3735
2020-04-24 14:37:57 +02:00
Norman Feske
840f383e46 Remove input_merger component
Fixes #3736
2020-04-24 14:37:57 +02:00
Norman Feske
6f6340644b Hide binary_ready_hook_for_platform from public
The hook is meant to be internal to the framework. So better keep its
declaration in the framework-internal globals.h header.

Issue #3581
2020-04-24 14:37:47 +02:00
Norman Feske
b134867f31 Remove Rpc_entrypoint::Native_context
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.

Related to issue #3581
2020-04-21 16:50:37 +02:00
Norman Feske
01bf32b998 Remove ram_fs server
Fixes #3734
2020-04-21 16:27:07 +02:00
Norman Feske
f14cc2edab Replace use of ram_fs by VFS server
Issue #3734
2020-04-21 16:24:37 +02:00
Norman Feske
f0c4fc1e22 sandbox: defer requests for upcoming server
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.

- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
  does not exist (yet)

Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.

The patch is accompanied with test cases for exercising both situations.

Fixes #3733
2020-04-21 14:52:29 +02:00
Alexander Boettcher
f891f4c963 vm_stress: change output message for ci scripts
so that it detect it correctly as not available instead of a failure on
normal work days

Issue #3683
2020-04-20 12:36:00 +02:00
Stefan Kalkowski
9f28f4f803 hw: avoid BASE_DIR relative path definitions
Fix #3728
2020-04-17 12:55:13 +02:00
Stefan Kalkowski
0e49336b96 Retire Exynos 5 support (fix #3725) 2020-04-17 12:53:57 +02:00
Stefan Kalkowski
941e918b46 vmm: unify armv7/v8 virtualization
Fix #3638
2020-04-17 12:52:02 +02:00
Stefan Kalkowski
74e75d7fbc hw: enable virtualization support for virt_qemu
Ref #3638
2020-04-17 12:51:53 +02:00
Stefan Kalkowski
58db6542f8 hw: check for security extension support in GICv2
Ref #3638
2020-04-17 12:51:44 +02:00
Tomasz Gajewski
fca2a05adf trace: extend test for log_output
Issue #3714
2020-04-17 12:48:17 +02:00
Tomasz Gajewski
4639978b3a trace_logger: avoid output of empty lines
It avoids output of empty lines in output buffer if traced messages end
with \n (what is common with messages logged from dde_linux).

Issue #3714
2020-04-17 12:48:13 +02:00
Tomasz Gajewski
870d348d77 trace: redirect logs to trace based on policy
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.

Fixes #3714
2020-04-17 12:47:48 +02:00
Tomasz Gajewski
db8ec81e9f trace: log_output policy that redirects logs to trace
Issue #3714
2020-04-17 12:47:35 +02:00
Tomasz Gajewski
1d9a2dce94 trace: extend policy with log_output
Issue #3714
2020-04-17 12:47:19 +02:00
Roman Iten
12ea494477 vfs/File_content: fix end condition in for_each_line
Fixes #3729
2020-04-17 12:45:10 +02:00
Christian Helmuth
b60b591d06 depot: update recipe hashes 2020-04-17 12:40:13 +02:00
Christian Helmuth
9fbc68bda1 libports: icu library moved to GitHub 2020-04-17 12:40:13 +02:00
Norman Feske
132569d12b base-linux: socket descriptor caps for RPC
On Linux, Genode used to represent each RPC object by a socket
descriptor of the receiving thread (entrypoint) and a globally-unique
value that identifies the object. Because the latter was transferred as
plain message payload, clients had to be trusted to not forge the
values. For this reason, Linux could not be considered as a productive
Genode base platform but remained merely a development vehicle.

This patch changes the RPC mechanism such that each RPC object is
represented by a dedicated socket pair. Entrypoints wait on a set of
the local ends of the socket pairs of all RPC objects managed by the
respective entrypoint. The epoll kernel interface is used as the
underlying mechanism to wait for a set of socket descriptors at the
server side.

When delegating a capability, the remote end of the socket pair is
transferred to the recipient along with a plaintext copy of the
socket-descriptor value of the local end. The latter value serves as a
hint for re-identifiying a capability whenever it is delegated back to
its origin. Note that the client is not trusted to preserve this
information. The integrity of the hint value is protected by comparing
the inode values of incoming and already present capablities at the
originating site (whenever the capability is invoked or presented to the
owner of the RPC object).

The new mechanism effectively equips base-linux with Genode's capablity
model as described in the Chapter 3 of the Genode Foundations book.
That said, the sandboxing of components cannot be assumed at this point
because each component has still direct access to the Linux system-call
interface.

This patch is based on the extensive exploration work conducted by
Stefan Thoeni who strongly motivated the inclusion of this feature into
Genode.

Issue #3581
2020-04-17 12:40:13 +02:00
Alexander Boettcher
319d2be1af seoul: add vm_stress script version
Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
29911cf114 seoul: update contrib branch
- reactivate vga update, range was to small
- remove diagnostic messages
- add support to ignore machine check MSR MCG CAP

Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
8be72b0be1 vbox5: add testing VMs causing load
Issue #3683
2020-04-17 12:40:13 +02:00
Emery Hemingway
6359445a8e Add <exit propagate="…"/> to Init config schema
Fix #3724
2020-04-17 12:40:13 +02:00
Christian Helmuth
c783764d0b Region-map attach/detach stress depot_autopilot test
Issue #3715
2020-04-17 12:40:13 +02:00
Stefan Kalkowski
ff378a8c5b hw: cache maintainance on mapping removal too
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.

Fix #3715
2020-04-17 12:40:13 +02:00
Norman Feske
03c3040a1d Remove stale documentation
The topics are either covered by the Genode Founations book for by our
tools, in particular the integration of the prepare_port mechanism with
the run tool.
2020-04-17 12:40:13 +02:00
Christian Helmuth
cc4e21e7a7 Fix some details in run scripts
- don't use 'qemu -serial mon:stdio' anymore as it no longer works as
  expected
- use "bash -l" with [terminal] to read user's profile configuration,
  e.g., PATH settings
- added missing boot modules and cap quotas
2020-04-17 12:40:13 +02:00
Norman Feske
6dfd268ef1 base/registry.h: remove misleading comment 2020-04-17 12:40:13 +02:00
Christian Helmuth
838c5ba7de ieee754: enable output check for ARM64
Issue #3723
2020-04-17 12:40:13 +02:00
Christian Helmuth
4ab990ad5b libc: provide C++ runtime symbols in ABI
This commit puts all C++ runtime/support symbols of ld.lib.so in a
dedicated section of base/lib/symbols/ld and mirrors the section to
libports/lib/symbols/libc. So, the libc ABI resolves potential C++
runtime dependencies of base-ABI-agnostic components at link time. The
runtime resolution is done by the linker by symbol lookup in ld.lib.so.

Issue #3720
2020-04-17 12:40:13 +02:00
Alexander Boettcher
13cd25e7b0 vfs/ram: avoid 2x mutex releases in guard
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
2b41323fe6 test-* recipes: fix xmllint errors
config_0.xml.tmp:26: element config: Schemas validity error :
  Element 'config': Character content other than whitespace is
  not allowed because the content type is 'element-only'

Issue #3612
2020-04-17 12:40:12 +02:00
Norman Feske
7bf47b1982 base-linux: boost max open fds to the hard rlimit
This patch increases the default limit of the maximum number of open
file descriptors to the hard limit of the system. This is needed for
complex scenarios, which require more FDs than the default of 1024
at core.

Related to issue #3581

Fixes #3721
2020-04-17 12:40:12 +02:00
Alexander Boettcher
22d71d5a8b os: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
3956530634 base: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
e87d60ddf7 core: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Norman Feske
85a1f91f59 Sanitize Framebuffer::Mode member access
Fixes #3719
2020-04-17 12:40:12 +02:00
Alexander Boettcher
dc90740549 nic_router: accept DHCP reply with missing option
The options are not always set, which throws exception. This leads to not
accepting the selected IP address.

Fixes #3716
2020-04-17 12:40:12 +02:00
Tomasz Gajewski
d111af922a trace documentation: fix reference to events definitions 2020-04-17 12:40:12 +02:00
Norman Feske
40c21b6d0f window layouter: restore screen tiling
This commit fixes a regression introduced by "window_layouter: add
dynamic screen handling", rendering the sub-division of screens in
columns and row unusable. The said commit removed a condition needed
for the correct window placement. This patch restores the condition.

Issues #3646
2020-04-17 12:40:12 +02:00
Norman Feske
4dd110ce5e Remove noux runtime
The feature set of noux is fully covered by the regular C runtime now.

Fixes #3696
2020-04-17 12:39:33 +02:00
Norman Feske
d6bdeed38f report_dump: replace noux by plain bash
This patch also introduces the use of the RTC for creating directory
names and increases the rate of snapshot creation from 10 seconds to
one minute to make sure that directories are named differently when
reading the RTC clock at granularity of minutes.

Issue #3696
2020-04-17 12:39:33 +02:00
Stefan Thöni
e8fb7ad470 report_rom: add package recipe 2020-04-17 12:39:33 +02:00
Stefan Thöni
5b68286e07 fs_report: add package recipe 2020-04-17 12:39:33 +02:00
Stefan Thöni
bb12d79ae9 vfs: add package recipe 2020-04-17 12:39:33 +02:00
Alexander Boettcher
d657b61f1b x86: support msi-x by platform driver
Fixes #3699
2020-04-17 12:39:33 +02:00
Norman Feske
42a77c531a sculpt: remove noux runtime from inspect view
Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
5347278136 sculpt: perform prepare step without noux
Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
ca5c25ac04 sculpt: replace log-noux instance by stdin2out
Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
bb35b997b8 New stdin2out utility as replacement for tail -f
This little utility allows us to remove the noux instance for the log
view of Sculpt OS.

Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
9c95e4bb4f sculpt: replace noux-based e2fsprogs by fs_utils
With this patch, Sculpt executes the e2fs file-system utilities
directly instead of hosting them within the noux runtime.

Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
e63195a940 e2fsprogs: disable HAVE_GETMNTINFO
This patch avoids calls of '__sys_getstatfs' (indirectly via
'getmntinfo'), which does not return any meaningful values in Genode's
libc. Otherwise, the libc's dummy implementation prompts resize2fs to
back out.

Issue #3696
2020-04-17 12:39:32 +02:00
Norman Feske
0836293d1a libports: src/fs_utils depot archive
The depot archive contains the utilities of e2fsprogs that are needed
for Sculpt OS as standalone components.
2020-04-17 12:39:32 +02:00
Norman Feske
330672e030 libports: mke2fs and resize2fs as standalone apps
This patch makes the e2fsprogs 'mke2fs' and 'resize2fs' available as
standalone components that can be used by Sculpt OS directly without
a Unix emulation environment.
2020-04-17 12:39:32 +02:00
Josef Söntgen
150d143755 os: use Request_stream API in NVMe driver
As a result of the API change the memory handling could be simplified.
Since the Block session dataspace is now directly used for DMA, we
actually only have to provide the memory for setting up PRP lists for
large requests (for the moment more than 8 KiB of data).

As we limit the maximum data transfer length to 2 MiB, we get by with
just a page per request. Those memory is allocated beforehand for the
maximum number of I/O requests, which got bumbed to 512 entries. Since
not all NVMe controllers support such large a maximum data transfer
length and this many entries, especially older ones, the values are
capped according to the properties of the controller during
initialization. (The memory demands of the component are around 3 MiB
due to setting up for the common case, even if a particular controller
is only able to make use of less.)

(Although there are controllers whose maximum memory page size is more
than 4K, the driver is hardcoded to solely use 4K pages.)

In addition to those changes, the driver now supports the 'SYNC' and
'TRIM' operations of the Block session by using the NVMe 'FLUSH' and
'WRITE_ZEROS' commands.

Fixes #3702.
2020-04-17 12:39:32 +02:00
Christian Helmuth
e63c5e6c69 base: rework interplay of signal-proxy and entrypoint
The former scheme left open a race window between
_process_incoming_signals() and wait_and_dispatch_one_io_signal()
resulting in both threads calling block_for_signal() and blocking
forever with one unprocessed signal.

Fixes #3704
2020-04-17 12:39:32 +02:00
Christian Helmuth
69080014b0 depot_autopilot: test case for entrypoint
Test for entrypoint destruction and signalling.

Issue #3704
2020-04-17 12:39:32 +02:00
Stefan Kalkowski
f051065582 Retire OMAP4 support
Fix #2850
2020-04-17 12:39:32 +02:00
Piotr Tworek
585c4b8c69 hw: Add support for Qemu virt arm platforms.
This patch adds support for booting base-hw kernel on qemu-arm virt
machines. The arm_virt machine has 2GB of RAM, 2 Cortex A15 cores and
uses GICv2 interrupt controller. The arm_64_virt machine also has 2GB of
RAM, but has 4 Cortex A53 cores and uses GICv3. Both machines use PSCI
to boot additional CPU cores.

Fixes #3673
2020-04-17 12:39:32 +02:00
Piotr Tworek
dad1de1865 hw: Add interface for making basic ARM PSCI calls.
So far this only exposes two functions allowing the code to turn on
additional CPUs. There is much more functionality defined by PSCI spec
but so far its not needed by Genode.

Fixes #3672
2020-04-17 12:39:32 +02:00
Pirmin Duss
6f1357c6f8 libc: add symbol used by protobuf
Issue #3692
2020-04-17 12:39:32 +02:00
Josef Söntgen
336228f357 os: handle SYNC packet in lx_fs
Call 'fsync(2)' on files and directories.

Fixes #3711.
2020-04-17 12:39:32 +02:00
Josef Söntgen
df553e9360 os: remove catch-all from FS VFS update mtime
Only 'alloc_packet' is supposed to throw an exception, which is already
caught. The 'submit_packet' call does not need further handling.

Issue #3713.
2020-04-17 12:39:32 +02:00
Josef Söntgen
ddc0caa605 os: remove error messages from FS VFS update mtime
The update modification timestamp is implemented as one-shot where
the caller is expected to try again if the first attempt failed (see
current libc implementation). So the message is misleading as further
attempts might succeed.

Issue #3713.
2020-04-17 12:39:32 +02:00
Christian Helmuth
0df358a550 nova: early message on successful boot
This patch fixes a regression with run/log_core introduced by

  2064ffd64b nova: support multidimensional affinity space

The run tool uses a log message 'run_boot_string' to detect successful
boot as well as to detect unexpected reboots. This message should never
be logged twice and, thus, should not be part of the core_log. The patch
mentioned above moved the former run_boot_string after the core_log
initialization.
2020-04-17 12:39:31 +02:00
Pirmin Duss
9da428dccf vfs_import: implement write loop for copy_file
This is required to allow import of large file.

Fixes #3655
2020-04-17 12:37:26 +02:00
Norman Feske
46fa8197a2 depot: update recipe hashes 2020-03-26 11:39:02 +01:00
Christian Helmuth
52d798ff40 init: support heartbeat in config.xsd 2020-03-26 11:39:02 +01:00
Stefan Kalkowski
256b2fa3e1 hw: cortex a9 diagnostic register fixup
This is a follow-up fix for commit 202333c881.
It checks for the diagnostic registers being already setup correctly.
Otherwise on platforms with secure firmware, like Pandaboard it will stuck.

Ref #3639
2020-03-26 11:39:02 +01:00
Norman Feske
d8bcaa4fa4 base-linux: disable ASLR for child processes
ASLR collides with the libc's fork mechanism on 32-bit. In particular,
the tool_chain_auto.run scenario would sporadically fail while mirroring
the parent's address space.

Fixes #3710
2020-03-26 11:39:02 +01:00
Emery Hemingway
7a5841b637 ahci: driver improve diagnostic messages for empty ports
Fix #3709
2020-03-26 11:39:02 +01:00
Emery Hemingway
45a74023a7 part_block: support for up to 128 sessions
Allow sessions for each of the 128 sessions supported by GPT.

Fix #3705
2020-03-26 11:38:59 +01:00
Alexander Boettcher
6f3f46c7ba top: support affinity space height up to 4
Issue #3635
2020-03-26 11:38:59 +01:00
Alexander Boettcher
2064ffd64b nova: support multidimensional affinity space
Fixes #3635
2020-03-26 11:38:59 +01:00
Norman Feske
685bd763f9 ldso: place dynamic allocations within linker area
This is needed to execute the tool-chain scenario on base-nova.
Otherwise, the fork mechanism stumbles upon a region conflict
between ldso allocations and the application heap.

Fixes #3706
2020-03-26 11:38:59 +01:00
Norman Feske
0f3ac4cb9f base-hw: let upgrade_cap_slab reflect Out_of_caps
This patch reflects the Out_of_caps exception from core to the client,
in addition to the already covered Out_of_ram exception. It thereby
eliminates a potential abort in core, which I observed with the
tool_chain_auto.run script:

  Kernel: RPC upgrade_cap_slab
  Error: Uncaught exception of type 'Genode::Quota_guard<Genode::Cap_quota>::Limit_exceeded'
  Warning: abort called - thread: entrypoint

In addition to propagating the exception, the patch add the client-side
exception-handling code to the base library.

Fixes #3703
2020-03-26 11:38:59 +01:00
Norman Feske
208294b0d3 Turn pkg/noux-system into pkg/system_shell
The new package does no longer require noux.

Issue #3696
2020-03-26 11:38:59 +01:00
Norman Feske
cf052996d3 Remove pkg/noux-build-x86
Use-case-specific Unix runtimes should better be realized via Goa now.

Issue #3696
2020-03-26 11:38:58 +01:00
Norman Feske
4961c84f12 Remove noux from vbox_share.inc
This snippet is used by the vbox5_win7_64_share.run script.

Issue #3696
2020-03-26 11:38:58 +01:00
Norman Feske
2f598e5680 Remove noux_uname.run script
This run script is outdated and not regularly tested. In fact, the
tested mechanism (obtaining values from a '.sysctl/' directory) is
nowhere to be found, neither in noux nor the libc. The test still
returns success as it merely checks for the completion of the sequence,
not the printed results. Hence, it is not worth preserving.

Issue #3696
2020-03-26 11:38:58 +01:00
Norman Feske
951f484fad Remove noux_gdb.run script
This interactive run script is not regularly tested nor used.

Issue #3696
2020-03-26 11:38:58 +01:00
Norman Feske
c086bba71a Remove noux_fs.run
The test exercised the mounting of an ext2 file system in the noux
runtime. This feature is nowadays routinely stressed by Sculpt OS.

Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
5a02b5fd23 Remove noux_fork.run script
This run script is superseded by pkg/test-fork.

Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
50a1e540a0 Remove noux_bash.run script
This run script is superseded by the bash.run script.

Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
b8738dee90 Remove noux_terminal_fs.run script
This run script tested the terminal VFS plugin as a new feature of noux.
In the meantime, the plugin remains as the only way for the interaction
of command-line-based applications with the terminal session. Hence,
the mechanism is now stressed by many other scenarios.

Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
a7e7eeec38 Remove noux from Vim example scenario
Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
1d480e3329 Remove noux from tool-chain test
Issue #3696
2020-03-26 11:38:57 +01:00
Norman Feske
3b427824a7 ports/make: avoid aliasing with libc symbols
This patch prefixes a few symbols in the make binary that are offered by
both the libc and the make binary. The clash of symbol names produces
confusing runtime linkage otherwise. This becomes a problem during
fork/evecve.
2020-03-26 11:38:57 +01:00
Norman Feske
923c38f7cd libc: allocate errno of main thread statically
The thread-local errno instance for the main thread must not be
allocated on the application heap because it must survive 'execve'.

Fixes #3701
2020-03-26 11:38:57 +01:00
Norman Feske
ee6d38a770 libc: prune session labels of forked processes
This patch reduces the size of session labels for all services other
than LOG, keeping only the last element. This avoids exceeding the
maximum label length in the presence of deep fork hierarchies, e.g., for
running the tool chain.

Fixes #3700
2020-03-26 11:38:57 +01:00
Christian Helmuth
dd524b56fa libc: propagate socket config to child processes
Fixes #3698
2020-03-26 11:38:57 +01:00
Norman Feske
4fe4c9aa63 vfs/pipe: trigger I/O-progress handler on EOF
When the last writer closes the pipe, we must trigger the I/O progress
handler to deliver the final EOF to the client (READ_OK with out count
of 0).

Fixes #3697
2020-03-26 11:38:56 +01:00
Norman Feske
e3bc77c386 Remove noux from SSH exec terminal
This patch replaces the former Noux instance by a sub init that hosts
the combination of VFS + fs_rom + bash. If bash exits, the whole sub
init exits, which implicitly tears down the terminal session used by the
sub init. The latter is expected by the test sequence.

Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
cacbad1bd8 Remove noux from ssh_terminal.run
Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
cc8552f81e Remove noux_vfs_audit.run
This run script was merely a development vehicle.

Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
34a60b56f6 Remove noux from fs_query.run
Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
25f7fdcb40 Remove noux from vfs_import.run
Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
b6d3063ada Remove noux and cpu_sampler_noux from autopilot
Issue #3696
2020-03-26 11:38:56 +01:00
Norman Feske
c2cf0ae8c6 os/vfs.h: fix possible nullptr dereference
Fixes #3694
2020-03-26 11:38:56 +01:00
Norman Feske
7f5186d489 vfs/tar: return inode numbers of null records
The tar vfs plugin returns an inode value of zero and a type directory
for null records, which wrongly triggers the file-system loop detection
of the find utility. This patch returns the node pointer as inode value
instead, which is a unique value.

Fixes #3695
2020-03-26 11:38:56 +01:00
Norman Feske
e67f389da1 Add fork test to depot autopilot 2020-03-26 11:38:56 +01:00
Norman Feske
4ebc164c11 Add execve test to depot autopilot 2020-03-26 11:38:56 +01:00
Martin Stein
886d0da57c ping_nic_router.run: test dhcp renew
Ref #3681
2020-03-26 11:38:56 +01:00
Norman Feske
2912096f6e vfs: distinguish NO_PERM from NO_ENTRY in unlink
This patch changes the 'Single_file_system' to return NO_PERM only if
the to-be-unlinked file corresponds to the single file. This way, a
<rom> co-mounted with a <ram> file-system does not stand in the way of
unlinking files from the <ram>. The concrete symptom occurred the
following scenario:

  <vfs>
    <dir name="home">
      <ram/>
      <rom name="..."/>
    </dir>
  </vfs>

The following sequence of commands wrongly resulted in "Operation not
permitted":

 $ mkdir -p /home/a/b/c
 $ rm -f /home/a/b/c/d

In this case, rm should not fail (unlink should return ENOENT)

Fixes #3690
2020-03-26 11:38:55 +01:00
Martin Stein
ba55409c86 nic_router: keep dyn IP when updating domain obj
When updating the domain object of interfaces that stay with the same domain
during a reconfiguration, until now, the normal "detach raw" function was used.
This caused the old domain object to discard a dynamic IP config as all
interfaces detached. This caused interfaces also to discard network links
established with the old configuration although it wasn't necessary. Thus, now
we use a dedicated "detach" in case that an interface actually stays with its
domain. This new "detach" doesn't decrease the interface counter of the domain,
so, it'll not discard its dynamic IP config. If, however, during a
reconfiguration, there's no interface calling this function (all interfaces
move to another or no domain), the dynamic IP config is still discarded as
expected.

Fixes #3686
2020-03-26 11:38:55 +01:00
Martin Stein
f3185de7f5 nic_stress: further reduce nr of rounds on sel4
Otherwise, the limit of caps in Capability_space_sel4 in the NIC router is
reached.

Fixes #3684
2020-03-26 11:38:55 +01:00
Martin Stein
c1b6000248 nic_router: don't call DHCP client on requests
Until now, the DHCP client was called also for DHCP requests when an interface
had a domain but yet no IP config. Now, an interface distinguishes between DHCP
requests and replies first and then accordingly calls the DHCP server or the
DHCP client if they're available. This also prevents that the DHCP client has
to handle packet headers other than that of DHCP.

Fixes #3681
2020-03-26 11:38:55 +01:00
Martin Stein
0a468a07a7 nic_router: fix lifetime of DHCP clients
Let the DHCP client be a constructible member of Interface that is constructed
only as long as the interface is attached to a domain with a dynamic IP config.
This prevents DHCP client timeouts from a period with dynamic IP config to
trigger after a reconfiguration to a static IP config. Furthermore, handle
DHCP-reply packets at an interface only when the DHCP client its constructed.
Otherwise drop such packets.

Ref #3681
2020-03-26 11:38:55 +01:00
Stefan Kalkowski
6d48b5484d hw: correct the ARM cache maintainance operations
This commit fixes the following issues regarding cache maintainance
under ARM:

* read out I-, and D-cache line size at runtime and use the correct one
* remove 'update_data_region' call from unprivileged syscalls
* rename 'update_instr_region' syscall to 'cache_coherent_region' to
  reflect what it doing, namely make I-, and D-cache coherent
* restrict 'cache_coherent_region' syscall to one page at a time
* lookup the region given in a 'cache_coherent_region' syscall in the
  page-table of the PD to prevent machine exceptions in the kernel
* only clean D-cache lines, do not invalidate them when pages where
  added on Cortex-A8 and ARMv6 (MMU sees phys. memory here)
* remove unused code relicts of cache maintainance

In addition it introduces per architecture memory clearance functions
used by core, when preparing new dataspaces. Thereby, it optimizes:

* on ARMv7 using per-word assignments
* on ARMv8 using cacheline zeroing
* on x86_64 using 'rept stosq' assembler instruction

Fix #3685
2020-03-26 11:38:55 +01:00
Stefan Kalkowski
3a862334fc depot_autopilot: re-enable test-fs_packet on rpi
Fixes #3249
2020-03-26 11:38:55 +01:00
Alexander Boettcher
cd1c0aace3 nova: remove specific stack area location
and use instead the generic one of base

Fixes #3654
2020-03-26 11:38:55 +01:00
Sebastian Sumpf
6e54cad44c usb_block: switch to Request_stream API
- remove old 'Driver' interface
- implement Request stream front end
- fix some namespacing

issue #3661
2020-03-26 11:38:55 +01:00
Josef Söntgen
a71ef16423 vfs: implement 'sync' in Block VFS plugin
Fixes #3659.
2020-03-26 11:38:55 +01:00
Sebastian Sumpf
2495a86aff block_tester: add 'sync' command to replay
issue #3636
2020-03-26 11:38:55 +01:00
Sebastian Sumpf
5225d12381 ahci: add sync operation support
- implemement 'flush cache ext' for ATA
- enable sync operation for request stream

issue #3636
2020-03-26 11:38:54 +01:00
Alexander Boettcher
e096202b1f hw/x86: use PAT for write combining support
Fixes #3623
2020-03-26 11:38:54 +01:00
Alexander Boettcher
44ace04b95 hw/x86: add cpuid register macro
Issue #3623
2020-03-26 11:38:54 +01:00
Alexander Boettcher
507a34b3d0 hw/x86: implement wrmsr in macro
Issue #3623
2020-03-26 11:38:54 +01:00
Christian Helmuth
677d9abd07 rtc: system_rtc pkg for PC and Linux
This depot package is the runtime for rtc_drv and system_rtc server with
coordinated update of system and hardware RTC via reports. It replaces
drivers_rtc which was never freestanding drivers package and, therefore,
has to be accompanied with a running platform_drv etc.

Fixes #3680
2020-03-26 11:38:54 +01:00
Christian Helmuth
e66726e931 rtc: use depot archives in test
Issue #3680
2020-03-26 11:38:54 +01:00
Christian Helmuth
cda778a94d rtc: recipe for linux_rtc_drv
Issue #3680
2020-03-26 11:38:54 +01:00
Sebastian Sumpf
a799a5f978 os: adjust tests to changed output of block client
issue #3671
2020-03-26 11:38:54 +01:00
Sebastian Sumpf
f5a6d85bc2 os: expand block_tester.run
- use two disks with two partitions each
- one disk uses MBR and one GPT
- connect one 'part_block' to each disk
- run 'block_tester' and 'test-block-client' connecting to one partiion
  on each disk
- x86 uses 'ahci_drv' as disk back-end, Linux 'lx_block'
- on autopilot enable for Qemu only

issue #3671
2020-03-26 11:38:54 +01:00
Christian Prochaska
8535688605 qt5: handle Genode signals as Qt signals in QPA plugin
Fixes #3688
2020-03-26 11:38:54 +01:00
Johannes Schlatow
aee5b59c51 Backport changeset 82268 from virtualbox
Fixes #3689
2020-03-26 11:38:54 +01:00
Norman Feske
e2b9308b11 lx_hybrid_errno.run: add missing parent services 2020-03-26 11:38:54 +01:00
Alexander Boettcher
97bbad5aea nova: avoid dying thread in platform.run
Avoids timely interference by dying thread.

Fixes #3670
2020-03-26 11:38:54 +01:00
Christian Helmuth
d452094f43 Only rewind next-free pointer in Bit_allocator
Formerly, _next was always updated to the last free'd allocation, which
left large gaps on alloc/free bursts. Now, we try keep allocation
density high from the start of the array and ensure that allocations
happen at the lowest available index in the bit array.

Fixes #3679
2020-03-26 11:38:53 +01:00
Piotr Tworek
139f390317 libc: Expose timespec_get symbol.
The function is exposed in libc headers provided by Genode, the code for
the function is being compiled and actually works, but the symbol is
missing from the symbols file resulting in linking failures. Add it to
the libc symbols file.

Fixes #3676
Fixes #3677
2020-03-26 11:38:53 +01:00
Emery Hemingway
9ee1045aad Remove SVN build dependency from libc port
Fixes #3678
2020-03-26 11:38:53 +01:00
Norman Feske
25c85fab18 sculpt: version 20.03
This patch increases the Sculpt version to avoid the risk of binary
compatibility clashes with index files published for the just-released
Sculpt 20.02 version.
2020-03-26 11:38:53 +01:00
Christian Helmuth
bf36d9eb48 depot: update recipe hashes 2020-03-09 16:02:56 +01:00
Norman Feske
9d24e906a8 text_area: fix interplay of shift with selection
Without this patch, the text area would mistakenly delete the characters
types after placing the cursor with the mouse as soon as shift is used
as modifier.
2020-03-09 15:41:29 +01:00
Norman Feske
44e4d1bd6c Update Sculpt documentation for version 20.02 2020-03-09 15:41:29 +01:00
Norman Feske
ab5770c492 sculpt: improve USB hotplug handling
- Don't reset sculpt partition on USB changes whenever ram fs is
  selected for use.

- Reconfigure runtime immediately when plugging USB devices.
  This prevents the usb-block driver and part_block from
  dangling in the graph. They disappear immediately now.
2020-03-09 15:36:21 +01:00
Norman Feske
a90eab8b9a menu_view: reduce frame transparency
This makes the dialog content better readable.
2020-03-09 15:36:21 +01:00
Norman Feske
e54e4dd532 sculpt: anchor popup position at '+' button
This patch restores the anchoring of the popup menu to the original
behavior, placing the popup to the right of the '+' button. The
anchoring got lost due to the recent structural changes of the GUI,
which affect the hover XML structure.
2020-03-09 15:36:21 +01:00
Sebastian Sumpf
c856ba2a49 ahci: report ports correctly
Only use one report for devices report, not one per device

fixes #3671
2020-03-09 15:36:21 +01:00
Christian Helmuth
5affd51250 depot: update recipe hashes 2020-02-28 08:59:43 +01:00
Norman Feske
fce9cd8c22 sculpt manager: use runtime state report max of 1M
With complex scenarios, supplementing the <report> node with the
attribute 'requested' or 'provides' can easily result in a report of
more than 64K.
2020-02-27 14:47:00 +01:00
Christian Prochaska
8faa916d93 gdb_monitor.run: increase RAM quota
Fixes #3667
2020-02-27 14:47:00 +01:00
Christian Helmuth
e52802162c libc: reimplement synchronization primitives
The new implementation relieves the main entrypoint from monitor jobs
for contended lock primitives and is based on custom applicant data
structures, per-lock resp. per-semaphore applicant lists, and a
libc-internal blockade with timeouts based on libc kernel primitives.
2020-02-27 14:47:00 +01:00
Josef Söntgen
f3ec246b67 base: remove diagnostic message in destructor
The LOG message in the Signal_handler_thread's destructor is just an
diagnostic leftover.

Fixes #3666.
2020-02-27 14:46:59 +01:00
Christian Prochaska
434c9ceb5d vbox5-nova: document possible 'Blocking_canceled' exception
Fixes #3664
2020-02-27 14:46:59 +01:00
Norman Feske
c3fb81d1a1 window_layouter: improve rules formatting
This is a follow-up patch for "window_layouter: add dynamic screen
handling".

Issue #3646
2020-02-27 14:46:59 +01:00
Norman Feske
c340f57207 Xml_node: skip leading whitespace in with_raw_node
This patch makes the 'with_raw_node' method more useful in situations
where content of an Xml_node is fed into an Xml_generator, i.e., the
rules report/rom mechanism of the window layouter.
2020-02-27 14:46:59 +01:00
Norman Feske
bbe1bf9c3a fs_query.run: increase timeout
This is apparently needed for base-foc on Qemu/x86.
2020-02-27 14:46:59 +01:00