Commit Graph

5708 Commits

Author SHA1 Message Date
Emery Hemingway
eaeb77a867 drivers/nic/linux: replace Thread_deprecated
Ref #1987
2017-05-31 13:16:09 +02:00
Christian Helmuth
6d25c614d3 libc: remove deprecated API from malloc() 2017-05-31 13:16:09 +02:00
Christian Prochaska
90b5679332 mixer_gui_qt_test: fix window management routes 2017-05-31 13:16:09 +02:00
Christian Prochaska
e7c2c790de avplay: fix audio_drv route 2017-05-31 13:16:09 +02:00
Christian Prochaska
3f6e0738d1 Qt5: adapt to current staging branch (cap quota, ram quota, slave) 2017-05-31 13:16:09 +02:00
Stefan Kalkowski
10e2e223cd foc: remove obsolete features (ref #2405)
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
2017-05-31 13:16:08 +02:00
Stefan Kalkowski
9e3fc9414f foc: update to recent revision r72 (fix #2405) 2017-05-31 13:16:08 +02:00
Christian Helmuth
24a0810cbc trace: disable out-of-metadata test step 2017-05-31 13:16:08 +02:00
Alexander Boettcher
6d8bfb677e vbox5: support more memory for VMs (4GB++)
Issue #2338
2017-05-31 13:16:08 +02:00
Alexander Boettcher
b1419d7566 vbox4/5: add ubuntu vm as testcase 2017-05-31 13:16:08 +02:00
Martin Stein
60a7fe5586 hw & arm: write whole SPSR in mode transition
Previously we did write the SPSR via an MSR instruction without
additional flags. Unfortunately, this tells the CPU to write the
register only partially. This often isn't a problem as the users PSR
reset value normally is conform to our expectations but in some cases
(e.g. PSR endianess bit on WandBoard core #4) the reset value is bad.
Thus, we have to add the CXSF flags (access Control + eXtension + Status
+ Flags) so the CPU overwrites the entire register.

Fixes #2254
2017-05-31 13:16:08 +02:00
Martin Stein
91a8c8975d run: provide core image with path information
Previously, the debugging version of the core image
(<build_dir>/var/run/<run_name>.core) was created by the run tool from
the common core object file
(<build_dir>/var/run/<run_name>/core-<kernel>.o). This object file,
however, was already stripped by the build system and thus didn't
contain debug info anymore. The build system also creates an unstripped
version in <build_dir>/debug/core-<kernel>.o, so we now use this one
for <build_dir>/var/run/<run_name>.core.

Ref #2254
2017-05-31 13:16:07 +02:00
Christian Helmuth
274b7983c1 pistachio: fix compilation with GCC 6
Issue #2372
2017-05-31 13:16:07 +02:00
Norman Feske
433fc6a7f1 base: let 'Local_service' catch all exceptions
This patch eases the debugging of situations where a session-object
constructor wrongly throws an exception type not specified in the
'Local_service::Factory' interface.
2017-05-31 13:16:07 +02:00
Christian Prochaska
7df4497e72 wm: use 'Expanding_ram_session_client'
Use 'env().ram()' instead of a non-expanding 'Ram_session_client'
for 'env().ram_session_cap()'.

Fixes #2408
2017-05-31 13:16:07 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
773e08976d Assign cap quotas in run scripts and recipes
Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
028e633af4 base: add 'Session_object' class
The 'Session_object' unifies several aspects of server-component
implementations:

* It keeps track of session quotas and is equipped with standardized
  interfaces (Quota_guard) to upgrade (and in the future potentially
  downgrade) session quotas in a uniform way.

* It follows the pattern of modern RPC objects / signal handlers that
  manage/dissolve themselves at the entrypoint given as constructor
  argument. Thereby, the relationship with its entrypoint is always
  coupled with the lifetime of the session-component object.

* It stores the session label, which was previously done manually by
  most but not all server-component implementations.

* It stores the session 'diag' flag.

* It is equipped with output methods 'diag', 'error', and 'warning'.
  All messages printed from the context of a session component is
  automatically prefixed with the session type and client label.
  Messages passed via 'diag' are only printed if the 'diag' flag of
  the session is set.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
aea5d03691 base: add Child_policy::Route::Diag flag
The 'diag' flag can be defined by a target node of a route in init's
configuration. It is propagated as session argument to the server, which
may evaluate the flag to enable diagnostic output for the corresponding
session.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
5c43074bc6 core: simplify core_env.h
Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
f69937deb1 base: new base/quota_transfer.h helper
The 'Quota_transfer' helper facilitated the implementation of quota
transfers between components in a transactional manner. It is designated
for framework-internal use (replacing the 'Transfer' class in child.h).
However, since it is also useful for init, we make it publicly
available.

The 'Quota_transfer::Account' class serves as an interface representing
the donor or receiver of quotas (parent, service, client).

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
f02c8328db init: access Ram_session as const
This is now possible because the new 'used_ram' and 'ram_quota' RPC
functions are declared as const.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
eea493a8ca base: safeguard entrypoint against double manage
This patch adds sanity checks to the RPC entrypoint that detect attempts
to manage or dissolve the same RPC object twice. This is not always a
bug. I.e., if RPC objects are implemented in the modern way where the
object manages/dissolves itself. As the generic framework code (in
particular root/component.h) cannot rely on this pattern, it has to
call manage/dissolve for session objects anyway. For modern session
objects, this double attempt would result in a serious error (double
insertion into the object pool's AVL tree).

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
5a468919bb base: new session-creation helper types
This patch augments the existing session/session.h with useful types for
the session creation:

* The new 'Insufficient_ram_quota' and 'Insufficient_cap_quota'
  exceptions are meant to supersede the old 'Quota_exceeded' exception
  of the 'Parent' and 'Root' interfaces.

* The 'Session::Resources' struct subsumes the information about the
  session quota provided by the client.

* The boolean 'Session::Diag' type will allow sessions to operate in a
  diagnostic mode.

* The existing 'Session_label' is not also available under the alias
  'Session::Label'.

* A few helper functions ease the extraction of typed session arguments
  from the session-argument string.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
220890534a base: 'Quota_guard' utility for tracking quotas
* Introduces 'Cap_quota' and 'Ram_quota' types
* Introduces 'Out_of_caps' and 'Out_of_ram' exceptions

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
bc82cce72b core: add Platform::max_caps()
This method returns the kernel-specific system-global limit of the total
number of capabilities.

Issue #2398
2017-05-31 13:16:03 +02:00
Norman Feske
82a98065a0 base-hw: upgrade cap-space slab less eagerly
This patch upgrades the cap-space slab only if the kernel runs out of
entries, instead of consuming as much PD-session quota as possible.
Until now, the behavior worked well because the cap-space slab was the
only consumer of PD-session quota. However, once we start accounting all
PD session meta data - and eventually merging the PD and RAM services -
the aggressive scheme stands in the way.

Issue #2398
2017-05-31 13:16:03 +02:00
Norman Feske
5b1e3466be base: construct 'Tslab' with allocator reference
The new constructor avoids the use of a pointer.
2017-05-31 13:16:03 +02:00
Norman Feske
f5bdab4518 base: add Slab::avail_entries accessor
This accessor is useful to eagerly expand the slab with new slab blocks,
side stepping the slab's built-in policy for the allocation of new slab
blocks.

This is particularly important when using the slab for allocating the
cap space meta-data for the base-hw kernel. To guarantee that the slab
gets never exhausted in the kernel, it is expanded before entering the
kernel.
2017-05-31 13:16:03 +02:00
Norman Feske
67481fdfc3 base: support exceptions during _new_slab_block
With the introduction of the 'Out_of_caps' exception type, the slab
needs to consider exceptions during the call of '_new_slab_block' by
reverting the 'nested' state.
2017-05-31 13:16:03 +02:00
Christian Helmuth
c79155fd7b libc_ffat: zero-init 'struct tm' on stack
This prevents the following runtime error.

  Error: mktime() returned -1, the file modification time reported by stat() will be incorrect
2017-05-31 13:16:03 +02:00
Christian Helmuth
e9b42a127b dde_linux: download libnl from github.com/thom311
The old download location is very shaky resp. currently unavailable and
also other projects (e.g., Gentoo and Linux From Scratch) use this
location. Note, the archive hash does _not_ change.
2017-05-31 13:16:02 +02:00
Alexander Boettcher
106a0db664 vbox5: update to 5.1.22
Issue #2338
2017-05-31 13:16:02 +02:00
Emery Hemingway
f7d80a9bf9 drivers/ahci: clean exit when no controllers are found
Fix #2402
2017-05-31 13:16:02 +02:00
Johannes Kliemann
aac0ac7c63 dde_linux: kernel-version independent file lists
Replace the version dependent file lists with generic ones to simplify
kernel version changes.

Fixes #2368
2017-05-31 13:16:02 +02:00
Norman Feske
03d7208386 Turn posix lib into shared library
By building the posix library as shared object with an ABI, we
effectively decouple posix-using programs from the library
implementation (which happens to depend on several os-level APIs such as
the VFS).
2017-05-31 13:16:02 +02:00
Christian Helmuth
1828f70037 Fix deprecated warnings in servers
Issue #1987
2017-05-31 13:16:02 +02:00
Christian Helmuth
f41d8d6b14 core: fix compiler warnings 2017-05-31 13:16:01 +02:00
Emery Hemingway
01e8f7ea3d libc: do not open stdio descriptors unless configured to do so
Fix #2396
2017-05-31 13:16:01 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Emery Hemingway
29b3fff5eb app/rom_to_file: catch Node_already_exists and overwrite files
Ref #1934
2017-05-31 13:16:01 +02:00
Stefan Kalkowski
6106e64aac base: remove include/spec/* other than ISA
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.

This work is a step in the direction of reducing 'SPEC' identifiers overall.

Ref #2403
2017-05-31 13:16:01 +02:00