This is important to issue sync requests for written-to files.
As the closing must be performed by an atexit handler, it happens at a
time _after_ libc plugins are destructed. Consequently an FD allocated
by such a plugin results in a close error, which in turn, does not
destruct the FD. We ultimatedly end up in an infinte loop of
re-attempting the close. For this reason, the patch changes 'close' to
be robust against this special case.
This is generally not a problem because libc plugins are phased out.
However, at present, the libc_noux plugin is still important. With the
changed 'close' in place, there occurred an error message "Error: close:
close not implemented" at the exit of each noux program. This patch
removes the error printing from the libc plugin mechansim to avoid this
noise. The error messages are not important anyway because the
deprecation of the libc plugin interface.
Issue #3578
The getpeername function is provided only by the socket fs.
In the case where the socket fs is not configured, return an appropriate
errno instead probing for a libc plugin (there is none).
Issue #3578
- Close FDs marked with the close-on-execve flag
(needed for 'make', which sets the flag for the pipe-in
FD of forked children)
- Update binary name on execve to use as ROM for subsequent fork
- Enable vfork as an alias for fork (needed by make)
- Purge line buffers for output streams during execve because they
may be allocated at the allocation heap, which does not survive
the execve call.
- Consider short-lived processes that may exit while the parent still
blocks in the fork call.
With these changes, the website generator of genodians.org works without
the need for the Noux runtime.
Issue #3578
fd > FD_SETSIZE cannot use 'select' or 'poll' within our libc.
Therefore, we added a bit allocator in order to allocate fd < FD_SETSIZE
(1024).
fixes#3568
'dlopen' causes the ldso to open ROM connections, right now we only
support single file names for these ROM not paths. Therefore, we extract
the file name from path within libc's 'dlopen'
fixes#3551
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.
In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.
The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.
Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.
Fix#2303
This patch reduces the debug noise for the prominent case of executing
bash with coreutils. Without it, the forked process will always ask for
more RAM immediately when starting up.
This patch improves the libc's write operation to iterate on partial
writes to continuous files until the original write count is reached.
The split of large write operations into small partial writes as
dictated by the VFS infrastructure (e.g., constained by I/O buffer
sizes) becomes invisible to the libc-using application.
Issue #3507
Issue #2303
This patch adds the ability to call 'kill' with the own PID to trigger
the execution of the handler of the specified POSIX signal. This is used
by 'bash', e.g., when cancelling the input of a command via control-c.
Related to issue #3546
It runs pretty well on Raspberry Pi, for example.
Leaving this scenario limited to x86 for autopilot runs only.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3536
Prevents integration failures like follows if the libraries were not
built already in the build directory.
Missing boot modules: libm.lib.so posix.lib.so
Makefile:323: recipe for target 'run/lwip_lx' failed
This adds two new boolean attributes to the <report> tag of the NIC router
configuration 'link_state' and 'link_state_triggers'. The former decides
whether to report the link state of each NIC interface (downlink, uplinks) at
the NIC router. The other decides whether to trigger reporting each time the
link state of an interface changes.
Fixes#3527
This patch introduces a new scheme of handling ioctl operations that
maps ioctls to pseudo-file accesses, similar to how the libc maps socket
calls to socket-fs operations.
A device file can be accompanied with a (hidden) directory that is named
after the device file and hosts pseudo files for triggering the various
device operations. For example, for accessing a terminal, the directory
structure looks like this:
/dev/terminal
/dev/.terminal/info
The 'info' file contains device information in XML format. The type of
the XML node corresponds to the device type. E.g., If the libc receives
a 'TIOCGWINSZ' ioctl for /dev/terminal, it reads the content of
/dev/.terminal/info to obtain the terminal-size information. In this
case, the 'info' file looks as follows:
<terminal rows="25" columns="80/>
Following this scheme, VFS plugins can support ioctl operations by
providing an ioctl directory in addition to the actual device file.
Internally, the mechanism uses the 'os/vfs.h' API to access pseudo
files. Hence, we need to propagate the Vfs::Env to 'vfs_plugin.cc' to
create an instance of a 'Directory' for the root for the VFS.
Issue #3519
The run script used to be the only user of the fatfs_fs server, which
we're going to remove. This patch removes the components for accessing a
real storage device and file system from the run script. The new version
just uses ram_fs.
Issue #3512
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:
- Distinction between continuous and transactional files (Node_type)
(issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
replacing the former 'mode' bits
(issue #3030)
The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.
This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
By specifying <libc update_mtime="no"...>, the modification-time update
on VFS-sync operations (as issued whenever a written file is closed)
can explicitly be disabled.
Issue #1784
This patch complements the commit "libc: execve" with the ability to
execute files stored at arbitrary sub directories of the file system.
Issue #3481
Issue #3500
This patch replaces the naive dup2 implementation (that merely
duplicated the context pointer) by the replication of the original
FD state by re-opening the same file with the same flags and seek
position. This prevents a potential double release of the VFS handle
(the FD context). It also implements 'dup'.
Fixes#3505Fixes#3477
- Eliminate call of global libc_config()
- Remove dynamic memory allocation, const cast
- Prepare for moving the state from compilation unit to header
- Fix run/libc_getpwent.run
Issue #3497
This patch unifies the patterns of using the 'Genode' and 'Libc'
namespaces.
Types defined in the 'internal/' headers reside in the 'Libc'
namespace. The code in the headers does not need to use the
'Libc::' prefix.
Compilation units import the 'Libc' namespace after the definition of
local types. Local types reside in the 'Libc' namespace (and should
eventually move to an 'internal/' header).
Since the 'Libc' namespace imports the 'Genode' namespace, there is
no need to use the 'Genode::' prefix. Consequently, code in the
compilation units rarely need to qualify the 'Genode' or 'Libc'
namespaces.
There are a few cases where the 'Libc', the 'Genode', and the global
(libc) namespaces are ambigious. In these cases, an explicit
clarification is needed:
- 'Genode::Allocator' differs from 'Libc::Allocator'.
- 'Genode::Env' differs from 'Libc::Env'.
- Genode's string functions (strcmp, memcpy, strcpy) conflict
with the names of the (global) libc functions.
- There exist both 'Genode::uint64_t' and the libc'c 'uint64_t'.
Issue #3497
This patch is the first step of re-organizing the internal structure of
the libc. The original version involved many direct calls of global
functions (often with side effects) across compilation units, which
made the control flow (e.g., the initialization sequence) hard to
follow.
The new version replaces those ad-hoc interactions with dedicated
interfaces (like suspend.h, resume.h, select.h, current_time.h). The
underlying facilities are provided by the central Libc::Kernel and
selectively propagated to the various compilation units. The latter is
done by a sequence of 'init_*' calls, which eventually will be replaced
by constructor calls.
The addition of new headers increases the chance for name clashes with
existing (public) headers. To disambiguate libc-internal header files
from public headers, this patch moves the former into a new 'internal/'
subdirectory. This makes the include directives easier to follow and the
libc's source-tree structure more tidy.
There are still a few legacies left, which cannot easily be removed
right now (e.g., because noux relies on them). However, the patch moves
those bad apples to legacy.h and legacy.cc, which highlights the
deprecation of those functions.
Issue #3497
- readv_writev: move 'rw_lock' instance into a function scope,
constructing the instance on the first access.
- select: move 'select_cb_list' instance into function scope.
- thread: move 'key_list_lock' and 'keys' into function scope.
- rwlock, semaphore, socket_fs_plugin, thread, thread_create:
instantiate 'Libc::Allocator' per use, alleviating the need for a
global instance.
Issue #3496
Implement getifaddrs and freeifaddrs within the libc using socket
control files at the VFS. Add an "address" and "netmask" file to the
lwIP plugin.
Only a single IPv4 address is initially supported, and the broadcast
address returned will never be valid.
Fixes#3439
This patch implements 'execve' in Genode's libc.
The mechanism relies on the dynamic linker's ability to replace the
loaded binary while keeping crucial libraries - in particular the libc -
intact. The state outside the libc is wiped. For this reason, all libc
internal state needed beyond the 'execve' call must be allocated on a
heap separate from the application-owned malloc heap. E.g.,
libc-internal file-descriptor objects must not be allocated or refer to
any memory object allocated from the malloc heap.
Issue #3481
This patch extends the fork test with explicit checks for the cloned
content of the heap and RW segment as well as the seek position of an
open file descriptor. It adds the new libports/run/fork.run script
that exercises the fork mechanism implemented by the libc. It is based
on noux_fork.run, which tests the mechansim provided by noux. The
test program has been moved from ports to libports.
Issue #3478
The libc already supports the configuration of 'stdin', 'stdout', and
'stderr' using '<libc>' config attributes. This patch equips the libc
with the additional ability to pre-initialize any other file descriptor.
A file descriptor is configured as follows:
<config>
...
<libc ...>
<fd id="3" path="/dev/log" writeable="yes" readable="no" seek="10"/>
...
</libc>
</config>
Furthermore, this patch moves the FD initialization code from the VFS
plugin to the libc kernel initialization because opening the FDs
depends on 'malloc' ('strdup'), which should not be used at early
'Libc::Kernel' initialization time.
Issue #3478
This patch replaces the former use of an Allocator_avl with the Id_space
utility, which is safer to use and allows for the iteration of all
elements. The iteration over open file descriptors is needed for
implementing 'fork'.
Issue #3478
By using Genode::strncpy instead of the libc's strncpy, we cannot end up
in the situation where the result lacks the zero termination (where the
number of charactors equals the destination buffer size).
These are time-type conversion functions (including leap years and
seconds) taken from musl-libc git rev
c82d3bada30cb27e14abda7859da5d2e784830ff with some adaptions. Musl is
licensed under permissive MIT license.
Issue #3450
On Fujitsu S936, evaluating the _BIF method on each battery-info update
successively increased the RAM usage, while _BST (dynamic battery
status) and _STA (generic status) did not show this behavior. Therefore
this commit retrieves only dynamic information periodically (resp. on
SCI IRQ). Now, acpica hast static RAM usage in idle state for 24+ hours.
The root cause for the increased RAM usage is still shady. While it
could just be normal that it grows until a certain yet unknown limit,
there may also be memory leak in contrib code or some strange AML on the
designated notebook.
Issue #3454
This mode is used on Linux (if acpi=strict is not set on boot cmdline)
and Windows. The mode ignores certain errors and/or bad AML constructs.
1) Allow "implicit return" of last value in a control method
2) Allow access beyond the end of an operation region
3) Allow access to uninitialized locals/args (auto-init to integer 0)
4) Allow ANY object type to be a source operand for the Store() operator
5) Allow unresolved references (invalid target name) in package objects
6) Enable warning messages for behavior that is not ACPI spec compliant
The labels of clipboard ROM and clipboard report sessions of WM clients
must be consistent with the client's nitpicker label. Hence, we must
route those sessions through the window manager, analogously to the
approach taken for shape reports in #3165.
Issue #3437
- make port able to be prepared repeatedly
Rpcgen refuses to overwrite an already existing header, so try to
always remove it beforehand
- get rid of 'cp' warning 'cp: warning: source file
'src/lib/libc/sys/sys/time.h' specified more than once'
- silence patch message 'patch unexpectedly ends in middle of line'
Fixes#3420.
Move the _vfs_sync implementation from vfs_plugin.h to vfs_plugin.cc and
wrap all VFS access in the VFS_THREAD_SAFE macro.
Syncing must be made thread safe because it often happens when closing
files and may require suspending the current thread for I/O signal
dispatching.
Ref #3409
* isatty
For the moment it is not possible to determine if the fd belongs to a
tty. For whatever reasons, the check is done multiple times, e.g.
'tclsh', which will spam the LOG.
* sysctl(HW_FLOATINGPT)
FPU is enabled on all our platforms, so return true.
Fixes#3389.
Start and stop the DHCP state machine as the Nic link-state changes.
Invoke the link state handler during configuration rather than assume
that in the case of a downed link lwIP will defer DHCP until the link
comes up.
Additionally, support static DNS configuration via the "nameserver"
configuration attribute.
Fix#3388
This removes implementations of and also references to anonymous new and
delete operators from the libc implementation. As allocators for
new/delete Libc::Allocator instances are used, which (paradoxically) map
to libc malloc/free.
* Adjust expected pow(-1/1, inf/-inf/nan) output to current libm
behavior (as in FreeBSD, glibc, and OpenLibm) and return 1 on
x86_64/x86_32/arm
* Add 'double float' outputs for ARM which are defined to float
issue #3289
Replace the FreeBSD libm with OpenLibm, which is easier to port.
OpenLibm is used by Mirage's freestanding Ocaml runtime (sin POSIX).
https://openlibm.org/
Ref #3289
This reverts commit 918b9a9fa4.
The Muen debug console buffer was increased by the recent update, which
alleviates the issue with many log messages as in the ieee754 test.
* Make package buildable for ARM too
* Move usb library to src targets for explicitly named targets
* adapt remaining run-scripts to use the correctly named usb drivers
Ref #2190
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.
Fixes#3208
As a preparatory step for introducing the new block-client API, we have
to turn the 'Block::Connection' into a class template. The template
argument will be used to tie an application-defined job type to the
block connection.
Issue #3283
This patch removes the blocking Block::Session::sync RPC function and
adds the asynchronous operations SYNC and TRIM to the block session's
packet-stream interface.
Even though the patch adjusts all block components to the interface
change, the components keep the former blocking handling of sync
internally for now because of the design of the 'Block::Driver'
interface. This old interface is not worth changing. We should instead
migrate the block servers step by step to the new
'Block::Request_stream' API.
Fixes#3274
This patch replaces the formerly fixed 2 KiB data alignment within the
packet-stream buffer by a server-defined alignment. This has two
benefits.
First, when using block servers that provide small block sizes like 512
bytes, we avoid fragmenting the packet-stream buffer, which occurs when
aligning 512-byte requests at 2 KiB boundaries. This reduces meta data
costs for the packet-stream allocator and also allows fitting more
requests into the buffer.
Second, block drivers with alignment constraints dictated by the
hardware can now pass those constraints to the client, thereby easing
the use of zero-copy DMA directly into the packet stream.
The alignment is determined by the Block::Session_client at construction
time and applied by the Block::Session_client::alloc_packet method.
Block-session clients should always use this method, not the 'alloc_packet'
method of the packet stream (tx source) directly. The latter merely
applies a default alignment of 2 KiB.
At the server side, the alignment is automatically checked by
block/component.h (old API) and block/request_stream.h (new API).
Issue #3274
This patch modernizes the 'Block::Session::info' interface. Instead of
using out parameters, the 'init' RPC function returns a compound 'Info'
object now. The rather complicated 'Operations' struct is replaced by
a 'writeable' attribute in the 'Info' object.
Fixes#3275
This patch removes the reliance of the extract tool from the libc's
behavior regarding the access of time and timing.
The extract tool is not expected to need time. However, unfortunately,
libarchive calls the 'time' function unconditionally. By adding a
dummy for 'time', we avoid bothering the libc, which would otherwise
need to obtain a time source.
Issue #3204
In the original version, I used 'number_of_bits' because Ada's 'Size
returns the size in bits, not bytes. But the values (for objects) are
always a multiple of 8. On the C++ side, performing size checks at the
granularity of bits is just awkward. The term 'object size' is more
natural.
By adding a wildcard at the beginning of (expected) error messages, the
test.run tool becomes able to match the lines (ignoring the characters
of the color escape sequence).
The "nameserver" file cannot be opened through a VFS File_system client
if the plugin does not support opening the parent directory of
"/nameserver", which would be "/".
Ref #3269
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.
Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.
These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.
Fix#3257
Make sure that the rwlock is allocated before a lock operation is
performed. This case occurs if a static rwlock was create by using
PTHREAD_RWLOCK_INITIALIZER. Same goes for PTHREAD_CONDS_INITIALIZER.
Fixes#3262.
For better or worse we have no proper way of handling this right now
but contrib libraries, e.g. glib, use it to determine if they can use
the underlying fd.
Fxies #3265.
The new configuration attributes <tcp-forward to_port="123" /> and
<udp-forward to_port="123" /> enable manipulating the destination port of
port-forwarded packets.
Fixes#3237
The "Vfs::Vfs_handle" type should not contain any public members that
can be initialized by the VFS internally and by the application, so
remove inheritance from the "Genode::list::Element" class. The VFS
plugins must instead use lists of "Vfs::Vfs_handle" sub-classes, the
lifetime of which are always managed by the plugin.
Ref #3036
This is a follow-up commit to "Update <provides> info in pkg runtimes",
which adapts the users of the wm pkg to the changed label of the "focus"
nitpicker session.
bus or device should be different (not both) when comparing a device to
already present devices. Because of this the second USB device was
marked as existent when the bus matched or the bus did not but the
device number.
The site download.qt.io seems to apply some mirror-via-HTTP-redirect
scheme which, unfortunately, seems broken (and therefore annoyingly
slow) for non-SSL-secured URLs.
The "schedule_post_signal_hook" method of the Genode::Entrypoint class
is problematic because the signal hook can be scheduled and replaced
multiple times during the signal dispatch cycle. Add an alternative to
this method with "register_io_progress_handler" and the "Post_signal_
hook" class with "Io_progress_handler". The difference being an
"Io_progress_handler" may be registered once during the lifetime of an
entrypoint to prevent arbitrary libraries from replacing a pending hook.
The "register_io_progress_handler" remains as a deprecated API, and is
now invoked for every I/O signal received and only for I/O signals
rather than for any signal.
Ref #3132
The zynq nic_drv also depends on hw, we therefore adapted the folder
structure for clarity. Also renamed the binary to 'zynq_nic_drv' to
prevent conflicts and to allow removing the cadence_gem spec.
Issue #3179
'append_platform_drv_config' appends to the global 'config' variable,
which seems to cause problems with the order of appending when the
'config' variable does not contain the '<config>' start node yet.
'[platform_drv_config]' can be used instead to append to a local variable.
Fixes#3171
This patch simplifies the propagation of pointer shapes from
window-manager clients to the pointer. The "shape" report is routed to
the wm server, which, in turn, reports it to the pointer. This way, the
pointer can easily correlate the label of the application's "shape"
report with the label of the application's Nitpicker session. The
formerly used manual rewriting of the "shape" label is not needed
anymore.
Since the wm server provides a "Report" service now, its <provides>
declaration must cover "Report" in addition to "Nitpicker" to avoid
runtime error messages. Vice versa, the wm is now expected to request
"shape" reports, which should be routed to the pointer (using the
'label_last' routing attribute).
Fixes#3165
The lwIP VFS plugin uses lwIP pbuf chains to queue recieved TCP data and
must rechain them when the application dequeues data. Remove an
"pbuf_realloc" call which is not needed for updating pbuf metadata when
dequeuing the head of the chain.
Fix#3169
1) A session request gets denied if there is no matching session policy.
(The <defaul-policy/> tag can be used for the former default behavior)
2) A session request gets denied if the MAC address is given through the
matching policy but this address cannot be allocated.
3) A session request gets denied if the MAC address is not given through the
matching policy and it is also not possible to allocate one.
Issue #3040
This patch adjusts the implementation of the base library and core such
that the code no longer relies on deprecated APIs except for very few
cases, mainly to keep those deprecated APIs in tact for now.
The most prominent changes are:
- Removing the use of base/printf.h
- Removing of the log backend for printf. The 'Console' with the
format-string parser is still there along with 'snprintf.h' because
the latter is still used at a few places, most prominently the
'Connection' classes.
- Removing the notion of a RAM session, which does not exist in
Genode anymore. Still the types were preserved (by typedefs to
PD session) to keep up compatibility. But this transition should
come to an end now.
- Slight rennovation of core's tracing service, e.g., the use of an
Attached_dataspace as the Argument_buffer.
- Reducing the reliance on global accessors like deprecated_env() or
core_env(). Still there is a longish way to go to eliminate all such
calls. A useful pattern (or at least a stop-gap solution) is to
pass the 'Env' to the individual compilation units via init functions.
- Avoiding the use of the old 'Child_policy::resolve_session_request'
interface that returned a 'Service' instead of a 'Route'.
Issue #1987
The minimal-footprint Ada runtime for implementing library-like
functionality in SPARK is now called "spark" runtime.
The full Ada runtime for entire components written in Ada and using the
libc as glue to the underlying system will move to the world repository
as "ada" runtime.
Issue #3144
Also added a report_rom for USB devices and let the driver report like
in a real scenario. Can also be used for debugging by setting
verbose="yes" in report_rom.
The former 'Genode::Timed_semaphore' mechanism is moved to the private
part of the two remaining users, namely dde_rump and the libc. Note
there are now two private copies of 'timed_semaphore.h'. This should be
regarded as an interim step until the use of this mechanism is removed
from both users.
This patch also cleans up the mechanism from legacy Genode API calls and
global side effects (alarm-thread singleton). The test/timed_semaphore
is now located at the libports repository as it now tests a mechanism of
the libc. The former timed_semaphore library is no more.
Fixes#3121
Store all files generated by moc and rcc in the application's build
directory to prevent the use of unfinished generated files for other
applications built at the same time.
Issue #3115
Since the timer and timeout handling is part of the base library (the
dynamic linker), it belongs to the base repository.
Besides moving the timer and its related infrastructure (alarm, timeout
libs, tests) to the base repository, this patch also moves the timer
from the 'drivers' subdirectory directly to 'src' and disamibuates the
timer's build locations for the various kernels. Otherwise the different
timer implementations could interfere with each other when using one
build directory with multiple kernels.
Note that this patch changes the include paths for the former os/timer,
os/alarm.h, os/duration.h, and os/timed_semaphore.h to base/.
Issue #3101
Our overall nightly test time greatly decreases when the timeouts for
the single tests are not that over-pessimistic. Using the slowest
platforms as reference, this commit reduces the test timeouts.
Ref #3027
Call 'tcp_output' if application data has been successfully queued. This
sends data immediately that may otherwise remain queued until the next
periodic TCP timer event.
This reverts a change made in 3e31e2ba53.
Fix#3067
FreeBSD implements 'clock' with an accuracy of 128 ticks-per-second for
compatibility reasons, Linux uses 1000000 per-second. Remove 'clock' and
print an error because it is unlikely that this is the resolution
expected by the application.
Fix#3057
Return a value in the same width as provided by the caller of sysctl for
PHYSMEM and USERMEM. This is to ensure that if a caller provides a
64-bit integer, a 64-bit value will be returned for 32-bit machines.
issue #3060
This enables Qt5 applications to set a Genode label via 'setWindowTitle'
from within Qt5 applications, and thus, making them identifiable to
other Genode components, like a layout manager.
fixes#3046
Move the libc-i386, libc-amd64, and libc-arm include directories into
the standard "include/spec" directory. This allows the platform specific
headers in the libc API package to be detected in a generic manner.
Ref #3051
The pthread API is considered a standard feature of libc so better to
simply merge it with the libc. Pthreads are in fact already a part of
the libc in the form of weak symbols. This merger is also a prerequisite
for better integrating pthreads with the libc I/O task.
Fix#3054
The PDF viewer can crash under a number of conditions due to changes to
the internal framebuffer model that were made to support mouse wheel
panning. These changes are reverted until the model can be reimplemented
to explicitly support page panning.
Fix#3021
This commit replaces the former floating_window_layouter with a new
window_layouter component that supports the subdivision of screen space
into columns and rows, the concept of layers, and the principle ability
to store window layout information across reboots. The latter is
accomplished by reflecting the component's internal state as a 'rules'
report to the outside.
Fixes#3031
For being able to build the tests via source archives, the 'base'
library must be denoted as dependency explicitely in their 'target.mk' file.
This is because when building archives, the API dependencies of used APIs are
not taken into account.
Use the Timer session duration for CLOCK_MONOTONIC and CLOCK_UPTIME.
Use the Genode::Duration object for passing internal time, it supports
sub-millisecond time and helps disambiguate units of time.
Fix#3018
Block and loop until application writes are sent or buffered in their
entirety. Do not call "tcp_output" directly, LwIP calls this procedure
internally and calling it again appears to disrupt the LwIP TCP state
machine.
Fix#3017
* Account all RAM/CAP quota of a session except quota for metadata used in
core. The latter is considered when asking if a session can afford to make
an operation but it does not get accounted to always be able to pay back all
quota when a session closes. The general accounting mechanism is moved from
atop of the allocators down to the level of RAM/RM session operations.
* report statistics about session objects and quota if <report stats="yes"
quota="yes"/> is configured. (default is yes if <report> is present)
Issue #2953
The VFS LwIP plugin is page-faulting on connect error because the LwIP
library frees a failed TCP protocol control block before calling the
error callback, and then the VFS plugin dereferences the PCB to free it
a second time. This problem was caused by a failure to follow
documentation during a transition from a C callback to a C++ method.
Fix#2972
When 'notify_read_ready()' is called during 'select()' and fails,
suspending can cause a deadlock when the libc IO response handler becomes
active and calls 'select_notify()', which tries to acquire the
'select callback list lock', which is already acquired by the suspended
'select()' call.
It seems possible to ignore a failed 'notify_read_ready()' call instead of
suspending. When the VFS plugin calls the IO handler later when the
notification request can be processed, the 'select_notify()' call of the
libc IO response handler will eventually call 'notify_read_ready()' again.
Fixes#2970
Implement the passwd database subroutines with single-user database.
This database is populated with a <passwd/> sub-node of the libc
configuration node. All fields of the "passwd" struct may be specified
with reasonable defaults provided for a "root" user. This allows a
libc-based component to spoof user information for the sake of porting
existing Unix software.
A test is provided at run/libc_getpwent.
Fix#2919
GNU tar interprets the passed time value in local time by default, which
lead to unstable hashes again. So, now provide a complete date/time
value incl. time zone.
Related to #2842
There is a bug in the LwIP VFS plugin, the chained buffers used by Lwip
use sizes expressed in sixteen bits, and under conditions such as a read
of 1<<16 the higher bits are lost and the plugin performs a zero length
read, and the application interprets this as a closed connection.
Fix#2947
The PS/2 driver retries to get mouse-reset results for 700 ms, sleeping
after each attempt for 10 ms. So, the driver needs a Timer session now.
Fixes#2713
LwIP skips a packet copy by wrapping Nic stream buffer regions in LwIP
pbuf objects. Move from a fixed size array to a potentially unbounded
slab allocator for managing this buffer metadata.
Ref #2335
A 'QThread' can be reused when its execution is finished by calling
'QThread::start()' again. Before this commit, this created a new Genode
thread, but did not destroy a previously finished Genode thread first.
Fixes#2928
This patch reintroduces the LwIP stack to libc as a VFS plugin
implementing the socket_fs interface. Rather than use LwIP's socket
emulation layer this plugin interfaces directly to LwIP raw API and is
single threaded.
The internal TCP parameters of the stack are untuned.
Fix#2050Fix#2335
Calling 'handle_io_response()' in a regular VFS function (in contrast to a
post-signal hook) can cause problems if the caller of the VFS function holds
a lock which prevents the io response handler from returning.
With this commit, the user of the VFS becomes responsible for unblocking
threads which might be blocking after a failed 'queue_read()', 'queue_sync()'
or 'write()' call.
Fixes#2896
This patch removes the detection of statically linked executables from
the base framework. It thereby fixes the corner cases encountered with
Sculpt when obtaining the binaries of the runtime from the depot_rom
service that is hosted within the runtime.
Statically linked binaries and hybrid Linux/Genode (lx_hybrid) binaries
can still be started by relabeling the ROM-session route of "ld.lib.so"
to the binary name, pretending that the binary is the dynamic linker.
This can be achieved via init's label rewriting mechanism:
<route>
<service name="ROM" unscoped_label="ld.lib.so">
<parent label="test-platform"/> </service>
</route>
However, as this is quite cryptic and would need to be applied for all
lx_hybrid components, the patch adds a shortcut to init's configuration.
One can simply add the 'ld="no"' attribute to the <start> node of the
corresponding component:
<start name="test-platform" ld="no"/>
Fixes#2866
The verbosity mode of the NIC bridge can be toggled with the verbose attribute
(default value shown):
! <config verbose="no" />
If enabled, the NIC bridge logs sent and received packets as well as the
lifetime of interfaces connected to the bridge.
Issue #2899
Do not generate invalid configurations for the uplink domain anymore. If
some tests are disabled and therefore their routing rules at the uplink
domain would be invalid, spare out these routing rules.
Issue #2899
Also remove 'requires_installation_of', while also checking sbin
directories in 'have_installed'. The run scripts have been adjusted
accordingly.
Fixes#2853
- initialize the stack size attribute with `Libc::Component::stack_size()`
as default value
- remove the possibly uninitialized `pthread` member from the attribute
structure and obtain current attribute values in the
`pthread_attr_get_np()` function, where the `pthread` object reference
is given as argument
- let each thread obtain its stack address and actual stack size at thread
start to have the information available for other threads
Fixes#2865
The libc will now use the file given by the 'nameserver_file' attribute
to get the DNS nameserver address instead of reading '/etc/resolv.conf'.
It defaults to '/socket/nameserver' which is the common location when
using the lxip VFS plugin. As a constraint the libc will read the first
line and expects the nameserver address without any keywords in front of
it.
Fixes#2861.
Merge the configuration from raw/pdf_view into the pkg/pdf_view runtime
file. Request a File_system session and load files from there, rather
than by ROM.
Ref #2859
The component is no longer loads from '/test.pdf', the first PDF file
found in the root directory of the file-system is loaded automatically.
The behavior cannot be overridden by configuration.
Feed MuPDF with characters from input events to MuPDF rather than
translate raw key codes to ASCII. This enables almost all MuPDF key
bindings without the need to maintain a lookup table. Mouse navigation
has been enabled as well. To print the key-bindings to log, press '?'.
Fix#2859
Introduce the uplink tag:
! <config>
! <uplink label="wifi" domain="uplink">
! <uplink label="wired" domain="wired_bridge">
! <uplink domain="wired_bridge">
! <config/>
For each uplink tag, the NIC router requests a NIC session with the
corresponding label or an empty label if there is no label attribute.
These NIC sessions get attached to the domain that is set in their
uplink tag as soon as the domain appears. This means their lifetime is
not bound to the domain. Uplink NIC sessions can be safely moved from
one domain to another without being closed by reconfiguring the
corresponding domain attribute.
Attention: This may render previously valid NIC router configurations
useless. A domain named "uplink" doesn't automatically request a NIC
session anymore. To fix these configurations, just add
! <uplink domain="uplink"/>
or
! <uplink label="[LABEL]" domain="uplink"/>
as direct subtag of the <config> tag.
Issue #2840
- support saving of files with no file name extension
- make the the "All Files (*)" file selection filter the default to see
configuration files immediately
Fixes#2844
Properly initialize and reset the _owner member, otherwise
correlating the unlock operation with the respective read/write
lock does not work.
Move locking the _nbr_mutex in the unlock operation after the
owner check. Otherwise, a reader holding that mutex and waiting
for the write lock would deadlock a writer trying to unlock the
_global_mutex.
Ref. Componolit/componolit#86
Ref. #2656Fixes#2832
If ACPI IRQs are received but no changes to the watched state for a specified
count can be observed, than generate nonetheless a Genode report.
Issue #2816
Rename LwIP library in preparation for removal of LwIP libc plugin. The
current LwIP library will be replaced with a new version stripped of its
synchronous socket support. The next version will be incompatible with
the current, so removing 'lwip.lib.so' completely for a period makes it
easy to identify legacy users.
Fix#2797
Generic code that operates over both UDP and TCP sockets might use
'sendto', but in the case of TCP the destination address ought to be
safely discarded. This seems to be the case for certain DNS software
that operates over both UDP and TCP.
Fix#2807
issue #2791
pthread_attr is not associated with any thread, the statistics must be
gathered at runtime, while 'pthread_attr_get_np' may retrieve attributes
by from any thread. Addtionally, the attributes given to
'pthread_create' will most likely be deleted after the creation call.
The sole existence of shared-object dependencies lead to fatal
static-constructor errors before. Now, ldso checks if the ctors section
of objects in the init list are non-empty before whining.
Issue #2759
Socket_fs sockets are now created each time a 'new_socket' control file
is opened, not each time a 'new_socket' file is read. When a handle on a
'new_socket' file is closed the socket and its socket files are
destroyed. The accept control file on a listening socket reads "1" or
reads nothing to indicate a client connection is queued. Client sockets
are accepted by opening an 'accept_socket' file in the listen socket
directory. This file behaves like the aforementioned 'new_socket' file.
Ref #2707
The nic_bridge test is not suitable to be executed on hardware so it should,
in case, print an appropriate message and return without doing anything else.
Issue #2788
This commit changes the 'Input::Event' type to be more safe and to
deliver symbolic character information along with press events.
Issue #2761Fixes#2786
The Ada runtime can now be set with the ADA_RTS variable. The ada
library builds a (currently) minimal runtime from the gcc sources that
come with Genode (to stay consistent with the used compiler) and sets
the runtime path accordingly. It is build as a shared library ada.lib.so
which needs to be added to the build files.
I split the existing Ada test into program and library, and moved it
to libports as it depends on the runtime library residing in this
repository too.
Fixes#2748
Reduce the size and forward compatibility of VFS file-system
constructors by passing an object holding accessors for 'Genode::Env',
'Genode::Allocator', response handlers, and the root file-system.
Fix#2742
In other words: Loosen the former property that suspend can only be
called from the first user stack and, thus, enable additional user
stacks, e.g., in coroutine libraries.
Fix#2737
The 'default' attribute is useful to change the default value for those
protocol attributes that are not explicitely set in the configuration of
the component.
Issue #2738
Each supported protocol now has an attribute with the name of the protocol in
the config tag. Each of these attributes accepts one of four possible values:
* no - do not print out this protocol
* name - print only the protocol name
* default - print a short summary of the most important header values
* all - print all available header values
Example:
! <config eth="name"
! arp="all"
! ipv4="default"
! dhcp="no"
! icmp="all"
! udp="no"
! tcp="default"
! ... />
Corresponding output example:
! ETH IPV4 10.0.2.212 > 10.0.2.55 time 7158 ms (Δ 11 ms)
! ETH IPV4 10.0.2.55 > 10.0.2.201 TCP 80 > 49154 flags ' time 6976 ms (Δ 5 ms)
! ETH ARP hw 1 prot 2048 hwsz 6 protsz 4 op 1 srcmac 02:02:02:02:02:01 srcip 10.0.2.212 dstmac 00:00:00:00:00:00 dstip 10.0.2.55 time 7074 ms (Δ 98 ms)
Issue #2738
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.
Fixes#2701
A very basic test of the re-configurability. It overwrites the configuration
once without making any changes, once with removing all domains except
uplink, and a third time recovering to the initial configuration to see if
the clients keep going as soon as their domains are back.
Fixes#2670
This separates the decision wether to log the received and sent packets
from the 'verbose' attribute. This information is now only logged if
'verbose_packets' is switched on. If 'verbose' is switched on, only
routing decisions and optional hints are printed.
Ref #2670
Link the EGL library with Mesa. SDL's `GL_GetProcAddress` now calls
`eglGetProcAddress` rather than lookup procedures directly in the Mesa
library.
Components may still wish to list 'mesa_api' in LIBS to access OpenGL
headers.
Fix#2711
This prevents diagnostic messages like
Error: partial write detected 0 vs 31
for writes into already released socket directories due to a still-open
handle to the socket data file.
Remove the dependency on the deprecated LwIP libary.
Remove the progress logging callback. Should a progress indicator be
desired, a progress report would be more appropriate.
Fix#2684
This patch removes the notion of partial writes from the file-system
servers. Since write operations are asynchronously submitted, they are
expected to succeed completely, except for I/O errors. I/O errors are
propagated with the write acknowledgement but those are usually handled
out of band at the client side. Partial writes must never occur because
they would go undetected by clients, which usually don't wait for the
completion of each single write operation.
Until now, most file-system servers returned the number of written bytes
in the acknowledgement packet. If a server managed to write a part of
the request only, it issued the acknowledgement immediately where it
should have cared about writing the remaining part first.
The patch detects such misbehaving server-side code. If partial writes
unexpectedly occur, it prints a message and leaves the corresponding
request unacknowdleged.
Issue #2672
Instead of having a lot of platform specific quirks in the run test,
and to also test it on platforms currently missing a NIC driver,
this commit removes hardware drivers from the nic_router and
nic_bridge run scripts, and uses the nic_loopback server instead.
The new 'verify' component facilitates the code of GnuPG to verify
detached OpenPGP signatures against public keys.
Since GnuPG depends on libgcrypt and libgpg-error, the patch adds these
libraries to the libports repository.
Fixes#2640
The TCP window scaling is implemented for servers (like netperf's
netserver) only. The client implementation just uses the lower 16 bits
of the TCP_WND configuration value, which we therefore maximize to ~64K.
This is a follow-up commit to "Increase default warning level", which
overrides Genode's new default warning level for targets contained in
higher-level repositories. By explicitly whitelisting all those targets,
we can selectively adjust them to the new strictness over time - by
looking out for 'CC_CXX_WARN_STRICT' in the target description files.
Issue #465
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
Stdin, stdout, and stderr are mapped to descriptors 0, 1, and 2
respectively. If these first three descriptors are not allocated before
the application becomes active then normal files and sockets can be
opened under these numbers, potentially causing unexpected application
behavior.
Fix#2628
This patch makes the creation of the libc's timer session depend on
whether or not the 'rtc' attribute of the <libc> configuration is
defined. If not configured, 'clock_gettime' returns 0.
Fixes#2625
The NIC router can now be configured to periodically send reports.
Configuration example (shows default values):
<config>
<report interval_sec="5" bytes="yes" config="yes">
</config>
If the 'report' tag is not available, no reports are send.
The attributes of the 'report' tag:
'bytes' : Boolean : Whether to report sent bytes and received bytes per
domain
'config' : Boolean : Whether to report ipv4 interface and gateway per
domain
'interval_sec' : 1..3600 : Interval of sending reports in seconds
Issue #2614
Avoid that the user has to define the number of HTTP/UDP clients manually.
This count is used by the run scripts to generate the expected log output.
Fix#2609
Previously, the function that returned the XML config for a network test
client/server in the scripts formed the component name of the peer solely
by combining the protocol name, "client" or "server", and a suffix that
is given as argument. However, to group multiple clients together in one
domain via their session label at the NIC router we want peers with the same
name prefix. Thus, the function now simply takes the whole name as argument.
Issue #2609
When this flag is set in the config tag, the NIC router will print a
short information to the log for each general state change of a domain.
This includes currently the IP-configuration state and the number of
connected NIC sessions. This a useful addition as the normal verbose
flag's purpose is a very deep insight into almost every activity in the
router, which is cool for debugging sophisticated problems but normally
floods the log and therefore discards this option for, e.g., desktop
systems. In such systems, the new verbosity is pretty discreet but
already gives a good hint on why packets may get dropped by the router
although the routing rules are correct.
Issue #2534
Replace former rtt_sec attribute of the <config> tag by more specific
(and still optional) attributes for timeouts used in the NIC router
(these are also the default values):
<config dhcp_discover_timeout_sec="10"
dhcp_request_timeout_sec="10"
dhcp_offer_timeout_sec="10"
udp_idle_timeout_sec="30"
tcp_idle_timeout_sec="600"
tcp_max_segm_lifetime_sec="30">
Details about the new attributes can be found in the README of the router.
Issue #2590
In case the video geometry (WxH) is larger than the current size of
the framebuffer, match its size and let libav do the scaling. This
enables the playback of 1080p movies on smaller screens.
Issue #2583.
The synchronization with the ACPI driver is not needed when starting
acpica at a later stage. It could already be disabled via the
'acpi_ready="yes"' config attribute. However, acpica still
unconditionally requests the so-called "Acpi" service, which is an
alias for the platform_drv's "Platform" service. This patch disables the
use of this alias when the 'acpi_ready' synchronization is disabled.
The debug version comes with an unwelcome libc dependency, which is
solely needed for the formatted output of error messages. Since the
distinction between the regular and the debug versions remained unused
in practice, this patch removes the debug version.
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.
Fixes#2569
Currently, LxIP peers need a lot of RAM (the simple test-client/server for the
nic_router test need at least 28 MB per component). As the nic_router test
previously used 6 instances of such components and a lot of other components,
it had issues with insufficient RAM on some platforms. By using two new
LwIP-based UDP tests instead, we save more than 100 MB.
Ref #2543
Do not use two times the RTT for the lifetime of links but use it as
it is configured to simplify the usage of the router. Internally, use
Microseconds/Duration type instead of plain integers.
Ref #2490
The remote shell facilities are past deprecation and there is an
obligation to prevent their use rather than to support them. This patch
removes the related function definitions from 'unistd.h', which have not
been been included in the Genode libc ABI regardless.
Fix#2530
Remove getaddrinfo and freeaddrinfo from the Libc::Plugin and get rid of
the extra libc_resolv library. Remove getaddrinfo/freeaddrinfo symbol
hiding patch for FreeBSD sources. Remove libc_resolv from Makefiles and
run scenarios.
Fix#2273
This recipe copies the entire stdcxx library into the API archive, which
is an interim solution until we introduce a proper ABI for stdcxx. With
this current version, every user of the stdcxx ABI will implicitly build
the stdcxx library.
The timer driver should always be of the highest priority to avoid
problem with timers that have low max-counter values like the PIT
with only 53 ms.
Ref #2400
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.
Fix#2469
The files are generated via flex and bison. Until now, this step was
performed when preparing the libc port. Unfortunately, the generated
files have subtle differences depending on the flex/bison versions
installed in the host. For example, the bison version number appears in
the generated code. This, in turn, breaks the hash mechanism of the
depot where a src/libc archive ends up being slightly different when
created on different hosts.
By moving the code generation to the build stage, the src/libc archive
merely contains the nslexer.l and nsparser.y source files but not the
generated files.
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.
For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.
The most important changes are:
- Directories are created and opened with the 'opendir()' function and the
directory entries are read with the recently introduced 'queue_read()'
and 'complete_read()' functions.
- Symbolic links are created and opened with the 'openlink()' function and
the link target is read with the 'queue_read()' and 'complete_read()'
functions and written with the 'write()' function.
- The 'write()' function does not wait for signals anymore. This can have
the effect that data written by a VFS library user has not been
processed by a file system server yet when the library user asks for the
size of the file or closes it (both done with RPC functions at the file
system server). For this reason, a user of the VFS library should
request synchronization before calling 'stat()' or 'close()'. To make
sure that a file system server has processed all write request packets
which a client submitted before the synchronization request,
synchronization is now requested at the file system server with a
synchronization packet instead of an RPC function. Because of this
change, the synchronization interface of the VFS library is now split
into 'queue_sync()' and 'complete_sync()' functions.
Fixes#2399
- Update FatFS port from 0.07e to 0.13
- Multi-device support
- Basic test at run/fatfs
- Adaption of existing components
Note, ffat is now consistently renamed to fatfs.
Ref #2410
There are programs, e.g. curl, that check if a connection was
established successfully by looking at SO_ERROR. Pretend that
the getsockopt() call was executed to keep them happy. If they
try to use a broken connection, the other socket functions will
bail.
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end. Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.
This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.
This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled. Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.
With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.
This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.
Open issues:
* The timeout test fails on Raspberry PI because of precision errors in the
first stage. However, this does not render the framework unusable in general
on the RPI but merely is an issue when speaking of microseconds precision.
* If we run on ARM with another Kernel than HW the timestamp speed may
continuously vary from almost 0 up to CPU speed. The Timer, however,
only uses interpolation if the timestamp speed remained stable (12.5%
tolerance) for at least 3 observation periods. Currently, one period is
100ms, so its 300ms. As long as this is not the case,
Timer_session::elapsed_ms is called instead.
Anyway, it might happen that the CPU load was stable for some time so
interpolation becomes active and now the timestamp speed drops. In the
worst case, we would now have 100ms of slowed down time. The bad thing
about it would be, that this also affects the timeout of the period.
Thus, it might "freeze" the local time for more than 100ms.
On the other hand, if the timestamp speed suddenly raises after some
stable time, interpolated time can get too fast. This would shorten the
period but nonetheless may result in drifting away into the far future.
Now we would have the problem that we can't deliver the real time
anymore until it has caught up because the output of Timer::curr_time
shall be monotone. So, effectively local time might "freeze" again for
more than 100ms.
It would be a solution to not use the Trace::timestamp on ARM w/o HW but
a function whose return value causes the Timer to never use
interpolation because of its stability policy.
Fixes#2400
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.
Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.
At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.
If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:
<default-route>
<service name="PD" unscoped_label="timer">
<parent diag="yes"/>
</service>
...
</default-route>
For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.
Fixes#2398
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.
Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.
Issue #2398
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.
Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).
This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.
Issue #2398
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).
Issue #2398
By building the posix library as shared object with an ABI, we
effectively decouple posix-using programs from the library
implementation (which happens to depend on several os-level APIs such as
the VFS).
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().
In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).
The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.
Fixes#2332
With the current implementation resource requests are not automically
satisfied with slack quota by init. Therefore, this commit adapts RAM
quotas of autopilot scenarios to the actual demands.
Due to rounding in the timeout calculation it may happen that the timeout
stored in ms becomes 0, but actually some time (us or ns) are left to wait.
With threads on various priorities (vbox) this may end up in endless loops.
Fixes#2311
To select a different keyboard layout than the default 'en_us', override the
'language_chargen' function in your run script (after including
qt5_common.inc):
proc language_chargen { } { return "de" }
where "de" refers to the character map file
'repos/os/src/server/input_filter/de.chargen'
Issue #2264
It seems that our buildbot has a problem with the TCL command 'string
cat'. In most cases it is not necessary anyway as we can use the ""
enclosure instead. It unfolds inline procedure calls and variables
automatically. We don't want to use "" only in cases where the literal
shall contain many " characters itself as it is the case for XML
configs. Then we use the 'append' command and a helper variable instead.
Ref #2193
If 'close' does not call 'unlink' like 'shutdown', the Lxip_socket_dir
never gets destroyed and thus the socket server leaks resources like
RAM and ports.
Ref #2285
Our 'shutdown' implementation handles only the case that 'how' is 'RDWR'.
Thus, print an error and continue if a user calls it with another value.
Fixes#2285
If 'Libc::Kernel::resume:all()' is called from a non-main thread, send a
signal to unblock the main thread from 'wait_and_dispatch_one_signal()'.
Fixes#2283
The 'server_ip' and 'server_port' attributes for 'lxip/udp_client' and
'lwip/http_clnt' as well as the 'port' attribute for 'lxip/udp_echo' and
'lwip/http_srv_static' are not directly libc-related so they should not
live in the libc tag but in the config tag of the component.
Ref #2193
This commit includes changes to the Nic::Session_component interface.
We now pass the entire env to the component instead of only ram, rm and
the ep because we need the env to open connections from within the
Session_component implemenation. So far only the cadence_gem driver
needs this, though.
Issue #2280.
Libc components cannot use regular calls to select() as this may suspend
their execution. In this case incoming RPCs will be deferred until
select() returns and the component returns to the entrypoint dispatch
loop. The Libc::Signal_handler solves this problem with a its select()
that either returns the currently ready file descriptors immediately or
calls the registered handler function during libc resume.
Now, the libc kernel supports to execute application code from all RPC
functions not only Component::construct(). This is enabled by the
Libc::with_libc() scope function.
This commit extends an easy-to-use mechanism to allow Genode component
code to enter/leave the libc application context. This is needed
whenever low-level component code (like signal handlers or RPC
functions) need to interact with potentially blocking libc I/O
functions.
Please note that this commit contains the API-level design only. The
actual context switching code 'execute_in_application_context' is
missing.
The socket file system can be configured in the "socket" attribute of
the libc config node like follows.
<vfs> <dir name="socket"> <fs/> </dir> </vfs>
<libc ... socket="/socket"/>
This configures the socket file system libc backend to access files in
"/socket" for socket operations.
A binary file may be a temporary Vim .swp file when examining contrib
sources. The commit prevents build errors like
.../repos/dde_linux/lib/mk/lxip_include.mk:29:
target '.../x86_64/var/libcache/lxip_include/include/include/include/Binary'
given more than once in the same rule
.../repos/dde_linux/lib/mk/lxip_include.mk:29:
target '.../x86_64/var/libcache/lxip_include/include/include/include/file'
given more than once in the same rule
...
The read-ready packet informs the server that the client wants to be
notified if a handle becomes readable. When becoming readable, the
server acknowledges packet and the client may queue a read requests
accordingly.
This change introduces a Genode specific init function, which sets the
backend allocator used by jent_zalloc/zfree(). As consequence the
library can solely be used by native Genode components, direct libc
usage is not supported.
Fixes#2274.
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.
Fixes#2269
The support has two parts. First, a VFS plugin now gets passed an
I/O-response handler callback on construction, which informs users of the
VFS that an I/O event occurred. This enables, for example, the libC to
check if blocking read can be completed. Further, the VFS file I/O
interface provides now functions for suspendable reads, i.e.,
queue_read() and complete_read().
This test reproduces an issue of the VFS block file system when the
underlying block device has a coarser granularity than the block
requests issued by the VFS client. I.e., if the underlying block device
has a block size of 4K, writing a sequence of (non-4K-aligned) 512 blocks
that crosss a 4K boundary corrupts the data on the block device.
Issue #2262
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.
Issue #1987
Parse ``<env key="..." value=".."/>`` nodes from the config ROM and
populate a list at the 'genode_envp' and 'environ' symbols.
Test script at run/libc_getenv.
Fix#2236
This function returns the information whether the used platform relies
on USB HID for interactive scenarios by default as is the case for most
ARM platforms. In contrast, for x86 the USB driver can be omitted because
we can use the PS/2 driver (that is readily available in repos/os/).
Cleaning up LWIP when returning from the main function sporadically
leads to endless errors "Error: sys_arch_mbox_fetch: unknown exception
occured!". We let the client sleep forever at the end of its main function
to prevent tests from failing due to a flooded log.
Reg #2193
The init component used to create the CPU/RAM/PD/ROM sessions (the child
environment) for its children by issuing session requests to its parent,
which is typically core. This policy was hard-wired. This patch enables
the routing of the environment sessions of the children of init
according to the configured routing policy.
Because there is no hard-wired policy regarding the environment sessions
anymore, routes to respective services must be explicitly declared in
the init configuration. For this reason, the patch adjusts several run
scripts in this respect.
This patch removes the outdated '<if-args>' special handling of session
labels. The '<if-args>' feature will eventually be removed completely
(ref #2250)
Issue #2197
Issue #2215
Issue #2233
Issue #2250
Libc::Env is the Genode::Env interface extended to cover access
to the XML content of the 'config' ROM and a VFS instance. This
deduplicates the burden of components to attain and manage
these resources.
Fix#2217
Ref #1987
This aspect was always enabled when creating a build directory for hw,
but is not enabled anymore due to recent build directory unifications.
On the other hand it is needed for jitter entropy anyway.
Ref #2190
This patch make the ABI mechanism available to shared libraries other
than Genode's dynamic linker. It thereby allows us to introduce
intermediate ABIs at the granularity of shared libraries. This is useful
for slow-moving ABIs such as the libc's interface but it will also
become handy for the package management.
To implement the feature, the build system had to be streamlined a bit.
In particular, archive dependencies and shared-lib dependencies are now
handled separately, and the global list of 'SHARED_LIBS' is no more.
Now, the variable with the same name holds the per-target list of shared
libraries used by the target.
This patch removes the component_entry_point library, which used to
proved a hook for the libc to intercept the call of the
'Component::construct' function. The mechansim has several shortcomings
(see the discussion in the associated issue) and was complex. So we
eventually discarded the approach in favor of the explicit handling of
the startup.
A regular Genode component provides a 'Component::construct' function,
which is determined by the dynamic linker via a symbol lookup.
For the time being, the dynamic linker falls back to looking up a 'main'
function if no 'Component::construct' function could be found.
The libc provides an implementation of 'Component::construct', which
sets up the libc's task handling and finally call the function
'Libc::Component::construct' from the context of the appllication task.
This function is expected to be provided by the libc-using application.
Consequently, Genode components that use the libc have to implement the
'Libc::Component::construct' function.
The new 'posix' library provides an implementation of
'Libc::Component::construct' that calls a main function. Hence, POSIX
programs that merely use the POSIX API merely have to add 'posix' to the
'LIBS' declaration in their 'target.mk' file. Their execution starts at
'main'.
Issue #2199
On a 64-bit system, enabling the OpenSSL NIST 64-bit optimization should
result in considerable speed improvements when using curves: NIST-P224,
NIST-P256, and NIST-P521. Additionally it avoids that Tor complains
about having an OpenSSL that lacks this feature.
Ref #2193
The main window must be visible before avplay or a framebuffer filter
requests the framebuffer session which goes to Nitpicker, because the
parent view of the new Nitpicker view is part of the
QNitpickerPlatformWindow object, which is created when the main window
becomes visible. If this object does not exist yet, a page fault occurs.
Fixes#2187
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.
As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).
Fixes#2171
This patch adjusts the various users of the 'Child' API to the changes
on the account of the new non-blocking parent interface. It also removes
the use of the no-longer-available 'Connection::KEEP_OPEN' feature.
With the adjustment, we took the opportunity to redesign several
components to fit the non-blocking execution model much better, in
particular the demo applications.
Issue #2120
This is a redesign of the root and parent interfaces to eliminate
blocking RPC calls.
- New session representation at the parent (base/session_state.h)
- base-internal root proxy mechanism as migration path
- Redesign of base/service.h
- Removes ancient 'Connection::KEEP_OPEN' feature
- Interface change of 'Child', 'Child_policy', 'Slave', 'Slave_policy'
- New 'Slave::Connection'
- Changed child-construction procedure to be compatible with the
non-blocking parent interface and to be easier to use
- The child's initial LOG session, its binary ROM session, and the
linker ROM session have become part of the child's envirenment.
- Session upgrading must now be performed via 'env.upgrade' instead
of performing a sole RPC call the parent. To make RAM upgrades
easier, the 'Connection' provides a new 'upgrade_ram' method.
Issue #2120
This patch is a preparation of the forthcoming async parent interface.
Note that this patch increases the size of connection objects.
Furthermore it adds a diagnostic message whenever a connection fails.
Issue #2166
This feature is not compatible with the forthcoming nonblocking parent
interface. The patch removes the use of feature in all places except for
the components of the demo repository, which will under go a redesign
anyway.
Issue #2120
Issue #2165
- use the correct memory free functions on errors
- report packet submit errors
- rename 'Usb::Packet_descriptor::transfer.timeout' as
'Usb::Packet_descriptor::transfer.polling_interval'
Fixes#2135
* Supply Env to Input::Session_component
* Attach input event dataspace at Input::Client
* Process input events by lambda rather than pointer
* Supply Env and a label to Input::Connection
* Wm serves valid input_session to decorator
* Per-source signal handling at input_merger
* Base API update for dummy_input_drv, test_input
* Input API update for launcher, menu_view, terminal,
mupdf, sdl, seoul, virtualbox
Ref #1987
The nic_router component can be used to individually route IPv4 packets
between multiple NIC sessions. Thereby, it can translate between
different IP subnets. The component supports port forwarding, as well as
the partitioning of the TCP and UDP port spaces.
Fixes#114