_timestamp() returns CPU local values which may not be in sync with _ts
taken from another CPU. Be robust and don't produce wraparound/negative
timeout values.
Issue #3657
* Differentiate in between different architectures with assembler routines
for correct measures
* Automate first step measuring of 10G bogomips across different hardware
Fix#3785
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.
The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.
Fixes#3784
The 'vfs_block' component will give access to a VFS file through a
Block session. For more detailed information please look at its
README.
(On a technical note, the server currently only allows for one
active session and has only one pending back end request but can
easily be extended in the future.)
Fixes#3781.
Setting the 'size' attribute will restrict a reader to consume
0s up to the specified amount per VFS handle. The attribute is
parsed as 'Number_of_bytes', which will limit the amount to the
maximum of the addressable memory on the platform.
This addition comes in handy when needing to provide a synthetic
empty file with a fixed size.
Issue #3781.
So far the condition whether to spawn a new job or not depended on
the amount of data already processed. This could lead to spawning
more jobs than necessary if batching is used and in return could
result in creating invalid requests in case the tested block session
is not large enough.
In addition to checking the amount of data the test now stores the
number of the last block and checks if the current request is in
range. This properly limits the total amount of requests.
Issue #3781.
The seek offset has to be updated on partial writes according to the
current write position. Otherwise writes will override the content
at the initial offset.
Fixes#3780.
This commit fixes the 'Out_of_caps' handling. The previous version
mistakenly upgraded the RAM instead the caps as response. The problem
could be triggered by the 'decorator_stress.run' script.
The blit API archive missed the CPU-architecture-specific variants of
the blit library such that all depot binaries worked with the generic
(slow) fallback implementation. This patch adds the missing pieces to
the blit API archive.
Up to now all pthreads get placed on one CPU.
The patch adds support to evaluate a libc pthread configuration specifying
a placement strategy.
The default strategy is now to use all available CPUs as imposed by Genode's
affinity configuration for the pthread application.
The old behaviour, putting all pthreads on one single cpu can be still
configured by:
<libc>
<pthread placement="single-cpu"/>
...
</libc>
Fixes#3775
To enable logging of ROM session deliveries, set the "diag" on
session routes:
<route>
<service name="ROM" label_prefix="/bin/">
<child name="cached_fs_rom" diag="yes"/>
</service>
…
<route>
Fix#3772
Make the framebuffer driver for pl11x chipsets,
the ps2 input driver for pl050, and the lan9116 NIC driver independent from
the pbxa9 board by using the newly introduced common ARM platform driver API.
Ref #3299
* Remove input driver specific to i.MX53 tablet board from QSB driver pkg
* Move GPIO settings for QSB LVDS backlight out of framebuffer driver into
GPIO driver config
* Move PWM driver functionality out of framebuffer driver
* Make framebuffer driver configureable, and less dependent on
platform driver i.MX53 specifics
base-linux uses seccomp to reduce the available system calls
to the minimum set needed to run base-linux. There are still
some syscalls that allow accessing global state which should
be further reduced.
The combination of seccomp and socket descriptor caps should
provide an intermediate level of security for base-linux
thereby enabling base-linux as a migration path from using
the Linux kernel to the use of microkernel-based Genode.
Fixes#3581
Add the option to configure the RAM quota for core on base-linux.
The environment variable GENODE_RAM_QUOTA if it exists is interpreted
as number of bytes to provide to the first init.
Issue #3762
- Since Genode::strncpy is not 100% compatible with the POSIX
strncpy function, better use a distinct name.
- Remove bogus return value from the function, easing the potential
enforcement of mandatory return-value checks later.
Fixes#3752
This patch is a workaround for the missing implementation of
'Pd_session::transfer_quota' interface by the GDB monitor's PD service.
The missing implementation becomes problematic with the changes of #3750
that enabled the cap-quota accounting for core's CPU service.
In regular scenarios without the GDB monitor, the client of
'Cpu_session::create_thread' deals with Out_of_caps or Out_of_ram by
upgrading the CPU session's cap and RAM quotas. This, in turn, results
in a sequence of 'transfer_quota' operations at the parent.
Since GDB monitor implements a custom PD service, these 'transfer_quota'
calls try to transfer quota between sessions provided by core and those
provided by the GDB monitor. This does of course not work. To fix this
issue, the GDB monitor needs a major overhaul. This patch side-steps
the problem by handing Out_of_caps and Out_of_ram from the debuging
target.
As discovered by Johannes Kliemann, peeking at buffered socket data
using 'recv' and 'MSG_PEEK' is not supported. Read a "peek" control file
from the socket directory to attempt to peek into buffers at the
socket_fs. Support for every feature of POSIX sockets cannot be
expected, but this one is trivial to implement.
Fix#2875
The driver always opens the audio device in duplex mode, i.e.,
playback and recording. Setting the 'playback' or 'recording' attribute
only influnces the service announcement. Due to changes made in a more
recent OpenBSD release recording must be set enabled explicitly anyway.
Since we already provide the interface that mirrors the one used by
OpenBSD 1:1 in the configuration use that and the remove the additional
config attributes.
Fixes#3757.
The former ldso-startup static library (now called ldso_so_support) is
used to spice each shared object/library with local support code for the
dynamic linker (execution of static constructors and ARM-EABI).
Therefore, the library must be statically linked to each dynamic
library.
As a result recipes for dynamic libraries must always depend on the "so"
API, which makes ldso_so_support.mk and so_support.c available
independent of "base". Additionally, ldso_so_support is also provided in
the libc API to cut the dependency early for libc/posix libraries.
Issue #3720
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
This patch fixes the handling of the corner case where the allocation of
a trace buffer throws 'Out_of_caps' or 'Out_of_ram'. Under this
circumstance, the '_buffer' would still be flagged with the 'size',
which prevented any subsequent allocation attempt. This patch fixes the
problem by initializing the 'size' after the potentially throwing
allocation.
The problem triggered with the test-trace_logger after the accounting of
core's TRACE service (replacing the 'Allocator_guard' by
'Constrained_ram_allocator') became more accurate.
Related to issue #3750
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.
Fixes#3756
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.
The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.
The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.
Fixes#3750
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.
Related to issue #3581
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.
- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
does not exist (yet)
Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.
The patch is accompanied with test cases for exercising both situations.
Fixes#3733
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.
Fixes#3714
On Linux, Genode used to represent each RPC object by a socket
descriptor of the receiving thread (entrypoint) and a globally-unique
value that identifies the object. Because the latter was transferred as
plain message payload, clients had to be trusted to not forge the
values. For this reason, Linux could not be considered as a productive
Genode base platform but remained merely a development vehicle.
This patch changes the RPC mechanism such that each RPC object is
represented by a dedicated socket pair. Entrypoints wait on a set of
the local ends of the socket pairs of all RPC objects managed by the
respective entrypoint. The epoll kernel interface is used as the
underlying mechanism to wait for a set of socket descriptors at the
server side.
When delegating a capability, the remote end of the socket pair is
transferred to the recipient along with a plaintext copy of the
socket-descriptor value of the local end. The latter value serves as a
hint for re-identifiying a capability whenever it is delegated back to
its origin. Note that the client is not trusted to preserve this
information. The integrity of the hint value is protected by comparing
the inode values of incoming and already present capablities at the
originating site (whenever the capability is invoked or presented to the
owner of the RPC object).
The new mechanism effectively equips base-linux with Genode's capablity
model as described in the Chapter 3 of the Genode Foundations book.
That said, the sandboxing of components cannot be assumed at this point
because each component has still direct access to the Linux system-call
interface.
This patch is based on the extensive exploration work conducted by
Stefan Thoeni who strongly motivated the inclusion of this feature into
Genode.
Issue #3581
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.
Fix#3715
The topics are either covered by the Genode Founations book for by our
tools, in particular the integration of the prepare_port mechanism with
the run tool.
- don't use 'qemu -serial mon:stdio' anymore as it no longer works as
expected
- use "bash -l" with [terminal] to read user's profile configuration,
e.g., PATH settings
- added missing boot modules and cap quotas
This commit puts all C++ runtime/support symbols of ld.lib.so in a
dedicated section of base/lib/symbols/ld and mirrors the section to
libports/lib/symbols/libc. So, the libc ABI resolves potential C++
runtime dependencies of base-ABI-agnostic components at link time. The
runtime resolution is done by the linker by symbol lookup in ld.lib.so.
Issue #3720
config_0.xml.tmp:26: element config: Schemas validity error :
Element 'config': Character content other than whitespace is
not allowed because the content type is 'element-only'
Issue #3612
This patch increases the default limit of the maximum number of open
file descriptors to the hard limit of the system. This is needed for
complex scenarios, which require more FDs than the default of 1024
at core.
Related to issue #3581Fixes#3721
This commit fixes a regression introduced by "window_layouter: add
dynamic screen handling", rendering the sub-division of screens in
columns and row unusable. The said commit removed a condition needed
for the correct window placement. This patch restores the condition.
Issues #3646
This patch also introduces the use of the RTC for creating directory
names and increases the rate of snapshot creation from 10 seconds to
one minute to make sure that directories are named differently when
reading the RTC clock at granularity of minutes.
Issue #3696
This patch avoids calls of '__sys_getstatfs' (indirectly via
'getmntinfo'), which does not return any meaningful values in Genode's
libc. Otherwise, the libc's dummy implementation prompts resize2fs to
back out.
Issue #3696
