When wrongly invoking the run script by specifying a skipped test
as its only TEST_PKGS argument, the run script fails due to a wrong
tar argument order. Let's better reflect this condition to the user
ahead of invoking tar.
With `MAP_FIXED` absent from the mmap(3p) flags, "the implementation uses
addr in an implementation-defined manner to arrive at pa", which may
lead to a mapping at an address diffent to the requested `addr`.
Add `MAP_FIXED` to the mmmap flags to force mapping to the specified
address.
Fixes#5147
Such messages can occur by chance when killing 'echo' while the program
blocks in an IPC call. It gets killed nevertheless. So the message does
not hint at a failure of the test.
In the context of #5138, the timer drivers for NOVA and base-hw had been
changed to support timeouts at a precision of 250 us (from formerly 1 ms).
Adjust the test to the new expected lower bound.
The dynamic buffer allocation increases the RAM demand slightly beyond
1M on seL4. Use 2M, as is already the default in pkg/terminal_crosslink.
Issue #5135
Replace the USB session API by one that provides a devices ROM only,
which contains information about all USB devices available for this client,
as well as methods to acquire and release a single device.
The acquisition of an USB device returns the capability to a device session
that includes a packet stream buffer to communicate control transfers
in between the client and the USB host controller driver. Moreover,
additional methods to acquire and release an USB interface can be used.
The acquisition of an USB interface returns the capability to an interface
session that includes a packet stream buffer to communicate either
bulk, interrupt, or isochronous transfers in between the client and the
USB host controller driver.
This commit implements the API changes in behalf of the Genode C API's
USB server and client side. Addtionally, it provides Usb::Device,
Usb::Interface, and Usb::Endpoint utilities that can be used by native
C++ clients to use the new API and hide the sophisticated packet stream API.
The adaptations necessary target the following areas:
* lx_emul layer for USB host and client side
* Linux USB host controller driver port for PC
* Linux USB client ports: usb_hid_drv and usb_net_drv, additionally
reduce the Linux tasks used inside these drivers
* Native usb_block_drv
* black_hole component
* Port of libusb, including smartcard and usb_webcam driver depending on it
* Port of Qemu XHCI model library, including vbox5 & vbox6 depending on it
* Adapt all run-scripts and drivers_interactive recipes to work
with the new policy rules of the USB host controller driver
Fixgenodelabs/genode#5021
For now this import file is solely there to satisfy the mechansim
in Goa that collects and incorporates import files for used APIs.
Issue genodelabs/goa#81.
The kernel timer used to truncated timeouts to the next lower
millisecond, which not only limits the wakeup accuracy but also results
in situations where a user-level timeout is triggered earlier than
expected. The latter effect results in the observation of a spurious
timeouts and the subsequent programming of another timeout.
The patch solves the problem by preserving the sub-milliseconds bits
in the 'us_to_ticks' implementation(s).
Issue #5142
This patch modifies the mixer's time window allocation by modelling the
drift of the period length over time. This yields a much better
stability of the detected sample rates in the presence of jitter.
Issue #5132
This patch caps the busyness of the rump kernel, which normally calls
sleep with timeouts between 0 and 10 ms even when idle. On Sculpt
running on a x250 laptop, this patch saves 0.4% CPU load, which is
almost the half of the idle load.
Issue #5140
This data structure uses an AVL tree to maintain a time-sorted set of
alarm objects. It supports the use of circular clocks of an bit width.
Issue #5138
The format library is required, otherwise the binary isn't build. This
regression was introduced in
acpica: provide verbose config (issue #5083)
Fixes genodelabs#5136
The package depends on two resources.
- A Nic session should be routed to the nic_router "http" domain make
the HTTP server available from the outside on forwarded port 80.
- A File_system session labeled "webroot" can be routed to any server
by relabeling the session, e.g., to "report" or "config" in parent.
Sculpt deploy exmaple exporting report_fs via HTTP.
<start name="lighttpd" pkg="lighttpd">
<route>
<service name="Nic">
<child name="nic_router" label="http"/>
</service>
<service name="File_system" label="webroot">
<parent label="report"/>
</service>
</route>
</start>
Newer Qemu variants quit with an error about already existing devices
if the same device-id is add and removed in a loop fast. To circumvent
this strange behaviour, simply use consecutive device id numbers.
Ref genodelabs/genode#5021
This patch was back ported from upstream Mesa and generalizes the memory
management of buffer objects used by the binder. Before this patch the
binder was treated as a special case where buffer objects were allocated
with a simple "next block or wrap" allocator. With this commit the
binder now uses the vm_heap allocators as done by all other buffer
allocations which leads to issues with reference counting and object
destruction being resolved.
Original commit message:
We're moving towards a path where all contexts share the same virtual
memory - because this will make implementing vm_bind much easier - ,
and to achieve that we need to rework the binder memzone. As it is,
different contexts will choose overlapping addresses. So in this patch
we adjust the Binder to be 1GB - per Ken's suggestion - and use a real
vma_heap for it. As a bonus the code gets simpler since it just reuses
the same pattern we already have for the other memzones.
This patch contains the mobile variant of Sculpt OS, which evolved
at the genode-allwinner repository until now. In consists of the
following parts:
- gems/src/app/phone_manager plays the role of the sculpt manager
- sculpt/phone-linux allows for test driving the mobile
variant on base-linux
- gems/src/app/dummy_modem mockup of a modem's behavior, used for
GUI development and testing
The parts targeting a specific device (PinePhone) remain local to
the genode-allwinner repository.
To give it a try:
make run/sculpt_test KERNEL=linux BOARD=linux \
SCULPT=phone LOG=core DEPOT=tar
Fixes#5125
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Fixes#5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Issue #5101
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
Issue #5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start GPU job scheduling on resume
Fixes#5081
This commit replaces the mapping of DMA buffers and gets rid of the
bounce-buffer handling, which was introduced to prevent data
corruption noticed when utilizing USB storage with Windows 10 guests,
with accessing the buffers directly.
Due to the way Windows 10 at times manages its DMA memory (many small
pieces instead of few larger ones) the unbounded registry becomes a
problem when containing stale entries.
Changing the 'qemu-usb' implementation allows for using 'read_dma'
and 'write_dma' directly.
Fixes#5121.
This patch enhances the audio driver with the option to operate as a
client of the record and play services instead of providing the audio-in
and audio-out services. The record/play mode can be enabled by setting
the 'record_play="yes"' config attribute.
The audio_in.run and audio_out.run scripts support the selection of the
mode via the 'use_record_play_sessions' hook function.
Issue #5097
A read with MSG_PEEK returns -1 and EGAIN/EWOULDBLOCK in case the socket
is connected. Zero is only returned if the socket is disconnected.
isuee #5104
In case the socket is non-blocking, a read with the MSG_PEEK flag set
has to return -1 and EWOULDBLOCK/EAGAIN in case no data is availble and
the socket is connected. Returning zero implies the socket is in
non-connected state. Therefore, check the connection state in this
situation and return accordingly.
issue #5104
- New session interfaces:
- os/include/play_session (for audio playing / mic-input driver)
- os/include/record_session (for audio recording / audio-output driver)
- Mixer at os/src/record_play_mixer providing both play and record services
- Simple waveform player at os/src/app/waveform_player
- Simple audio-signal capturing component at os/src/app/record_rom
- Simple oscilloscpe at gems/src/app/rom_osci (using record_rom)
- Simple test-audio_play for playing raw stereo f32 data
The _gems/run/waveform_player.run_ script illustrates the use of the new
components and interfaces.
Issue #5097
* Move Kernel::Cpu_scheduler to Kernel::Scheduler
(we only have that one scheduler)
* Move Kernel::Cpu_share to Kernel::Scheduler::Context
* Move Kernel::Cpu_priority to Kernel::Scheduler::Priority
* Rename all functions and variables refereing to `claims` to
`prioritzed`, because claims is not that common
* Rename occurrences of `fill(s)` to `slack` to name the time portions
outside of the prioritized quantum
* Get rid of some two-liner sub-functions with only one occurrence
(like `_quota_introduction`, `_quota_revokation`,...)
Ref genodelabs/genode#5115
This private, internal function is used only in one scope,
and therefore not neccessary. But it has nasty side-effects as
it takes the parameter `duration` as reference and changes its
value. Just remove it completely.
Ref genodelabs/genode#5115
The name head is already extensively used in the context of the lists
managed by the scheduler. This terminology duplications does not simplify
reading the code. Instead we keep head for the first item in the list,
but use `current` in the variable name and API of the `Cpu_scheduler`
class to refer to the current scheduled share.
Moreover, the `_head_quota` is now `_current_time_left`, because it does
not denote quota but time left for the current schedule. The boolean
variable `_head_claims` gets removed at all. It duplicated the state of
whether a current share ist set, and whether it has so-called claim time
left.
Ref genodelabs/genode#5115
Give certain scheduler class wide variables and functions clear names:
* quota => super_period_length
* residual => super_period_left
Ref genodelabs/genode#5115
Replace double linked list by normal Genode::List with an additional
pointer to last list member to efficiently handle the scheduler share lists.
Moreover, move it into the private part of the Cpu_scheduler class,
the only scope where it is used anymore.
Ref genodelabs/genode#5115
Minor changes that should not change any semantics:
* Remove `_next_fill()` its short and only used in one context,
in which it is good to know what that code actually does
* Turn boolean values into actual boolean values
* Remove some brackets around one-liner pathes
Ref genodelabs/genode#5115
The `_head_was_removed` variable got introduced in solving #4710, but it
reflects only whether `_head` is a valid pointer or not, thereby it
duplicates state.
Ref genodelabs/genode#5115
Check if controllers port count matches number of ports found in the
port implemented register. In case counts don't match print a diagnostic
message for debugging purposes.
issue #4081
The key element of the improvement is differentiated processing of
events of the following device types.
Mouse: relative motion
Pointer: absolute motion (Qemu usb-tablet and IP-KVM devices)
Touchpad: relative motion via absolute touchpad coordinates
Touchtool: absolute motion (e.g., stylus)
Touchscreen: absolute motion and finger (multi-) touch
Processing is done in two stages for one "input packet". First, all
events of the packet are recorded into the current evdev state with
device-type specific operations. Then, appropriate Genode input events
are generated from the accumulated evdev state in the submission stage
(again by device-type specific functions).
A simple version of tap-to-click was added to the touchpad support.
Fixes#5105
The <transform> filter configurably transforms touch and absolute-motion event
coordinates by a sequence of translation (move), scaling, rotation, and flipping
primitives in sub-nodes.
Issue #5105
Per default, only key presses and releases are logged. The optional
'motion' attribute (boolean) enables logging of motion and touch events.
Issue #5105
This commit enables generic Linux multi-touch support as well as support
for the Wacom Intuos/Graphire tablets as found in the previous version
of the USB HID driver. Events are not properly propagated through
Genode's Event C-API, yet, which will be a follow up.
Issue #5105
When SMP is enabled multicore specific instructions (e.g., pldw) are
generated. These are not supported and lead to invalid instruction
faults on uni-processor systems (like Cortex-A8). Therefore, we disable
SMP for arm_v7 in Linux code. This requires also a switch from the RCU
tree implementation to RCU tiny, which we shadow and dummy implemented.
issue #5104
Until now, in case 'jent_entropy_init' failed an error has been produced
and the following jitterentropy functions (i.e.,
'jent_entropy_collector_alloc') where called nevertheless. In case we
received a bad time source error, for example because the performance
counters are not working on the platform, the entropy collector did not return (endless
loop).
Therefore, this commit treats the failed jitterentropy initialization
not as an error but prints a warning about poor randomness quality and
stops using the jitterentropy library from this point on. The
'Jitterentropy::gen_random_u64' will in this case return the address of
a stack variable * some counter.
This is only a interim solution to make platforms work where performance
counters or TSC values do not exist/work.
issue #5104
The IP for the connect timeout test should be in another nic_router
domain, so ARP request are only processed be the nic_router and no other
IP stacks.
issue #5104
Adjust the plugin to use the socket C-API found under
dde_linux/src/lib/lxip/include/genode_c_api/socket.h'.
This is the first minor step in generalizing the plugin.
isse #5104
The lxip_raw.run script will spawn a client/server scenario that tests
Genode C-API calls. The scenario can be used standalone, meaning no
actual network card is required.
issue #5104
This commit updates lxip from version 4.4.3 to 6.1.20. It uses the
current lx_kit approach and is a shared library again. The stack has
been tested for x86_32/x86_64/arm_v6/arm_v7/arm_8.
The C-interface of the IP stack can be found under
lxip/include/genode_c_api/socket.h.
issue #5104
CONFIG_X86_USE_PPRO_CHECKSUM is a 'def_bool y' and gets re-enabled by
'make olddefconfig'. The PPRO version contains text relocations which we cannot
have in binaries (e.g., 'lea 45f(%ebx ...).').
issue #5104
add bottom half enable/disable to functions with suffix "_bh" were
missing, because some functions release the bottom half separately
(__neigh_event_send).
issue #5104
Add the possibility to execute a module-init call by name using
'lx_emul_init_call', this is used, for example, by lxip to configure and
re-configure the IP address through 'ip_auto_config'.
issue #5104
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).
That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.
Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.
The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.
The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.
Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.
Fix#4081
I2C EEPROMs of the type at24xxx are really slow (ca. 10 kHZ).
This adds the `bus_speed_khz` attribute to the config of the driver and
adapts the i.MX8 driver to support the feature.
Issue gapfruit#1996
Fixes genodelabs#5090
The physical address of the memory used for the guest VMCB is already
present in Vcpu_data. Use the information there instead of storing the
physical address in the host data area, thereby freeing up 8 bytes for
a bigger Mmio class.
Issue #4081
Hitting a BOSD in a Windows guest in Virtualbox 6 leads to calling
`DBGFR3ReportBugCheck`, which leads to the following error since it is
unimplemented in our port:
```
Error: DBGFR3ReportBugCheck: DBGFR3ReportBugCheck called, not implemented, eip=0x1a5c4e4
```
Including the actual method from Virtualbox 6 enables logging
diagnostics for the Windows Blue Screen of Death (BSOD).
To see Blue Screen logging output, enable "dbgf" and "gim" logging
via the `VBOX_LOG` following environment variable in the vbox6 runtime
config.
When manually triggering a BSOD in the Windows guest, this should
produce the following logging diagnostics:
```
GIM: HyperV: Guest indicates a fatal condition! P0=0xe2 P1=0x0 P2=0x0 P3=0x0 P4=0x0
GIMHv: BugCheck e2 {0, 0, 0, 0}
MANUALLY_INITIATED_CRASH
```
Fixes#5099
The libc's internal calculation of the tv_sec and tv_nsec fields must be
based on the same ms value. Otherwise, tv_sec is not always immediately
incremented whenever tv_nsec wraps. For applications, this inconsistency
can result in observed jumps in time.
Fixes#5098
Functions registered with 'module_init' (i.e., '__define_initcalls'),
'OF_DECLARE', and 'DECLARE_PCI_FIXUP_CLASS_FINAL' used to be static
constructors and had be explicitly registered using
'exec_static_constructors' before executing any Linux code.
With this commit we remove the constructor attributes from these
functions and create a global function pointer in the form of
__initptr_<name>_<id>_<counter>_<line number of macro>
'import-lx_emul_common.inc' will collect these '__initptr' symbols after
the compile step and generate a 'lx_emul_register_initcalls' function
that executes the functions pointed to. This step is now automatically
performed in 'lx_emul_start_kernel'. This way a call to
'exec_static_constructors' can be omitted in case there are no other
constructors in place.
issue #5096
The former implementation relied on input drvdata always pointing to
struct hid_device, which is not true for Wacom touch devices (at least).
Now, we implement the input handler for devices providing LEDs
(evbit[EV_LED] set) only and use input_inject_event() to set the LED
states.
This commit brings the etnaviv back end implementation in line
with the one from lima. Since the etnaviv driver itself handles
different contexts implicitly rather explicitly like lima and
iris for the moment only a main-context is used for all operations.
Issue genodelabs/genode-imx#8.
Uploading large files via HTTP PUT failed when the file system was
accessed via a file system session because lighttpd opened the
destination file with O_NONBLOCK and the write operation stalled
at some point.
genodelabs/genode#5093
These domains allow for the hosting of plain http and telnet servers
reachable from the outside. The change is designated for the goa
testbed.
Issue #5092
The commit is a preparation commit for suspend/resume. It prepares the GPU
structures relying on gmadr.cap() (MMIO) to be re-constructible by applying
the with* pattern to context, ring_buffer and ggtt mmio map. It removes
the managed dataspace handling of gmadr subsets to make the with_* pattern
possible.
Issue #5081
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the GPU driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
With this change, it will be possible in follow up commits, to release
the platform device and to re-acquire it and its resources, e.g. mmio, irq,
gmadr.
Issue #5081
- add PS/2 input drivers
- add GPU client test case - glmark2
- remove display driver before suspend
- route log output via terminal on display to gather information, since in
most cases serial/AMT is not available after ACPI resume
Issue #5081
Clearing very large RAM dataspaces could fill up core's page table,
because the dataspaces are locally mapped to clear them.
This would manifest in a loop where exhausting the local page table
leads to its flushing (which does not work for core) and a retry that
again fills up the page table and so on.
To prevent this, flush RAM dataspaces in chunks of at most 128MiB.
Fixes#5086
If "verbose" is set to true in the config, AcpiOsPrintf etc. are enabled
to log to a dedicated LOG session using the Format:Console utility.
Issue #5083
Prevent errors if precision and left alignment are part of the string.
String precision is applied to limit access to the configured number of
characters but ignored for other types.
Issue #5083
The axis IDs correspond to 2x analog sticks with 2 axes and 2x triggers.
While being at it, the commit changes the Axis_id type to Axis::Id.
Fixes#3669
Failed allocations were still denoted with a successful return value
to the caller. This situation was triggered by artificial testing and
has not been observed yet in practice. In case the 'LIMA_GEM_CREATE'
I/O control fails Mesa will dereference invalid pointers anyway.
Issue genodelabs/genode-allwinner#27.
The frame-pointer-based backtrace does not work without enabling
-fno-omit-frame-pointer explicitly and in most cases leads to page
faults because non-pointer stack values are dereferenced during the
walk. The best we can do is to limit the backtrace walk to the stack of
the current thread to prevent page faults unrelated to the system state
without the use of the backtrace utility.
This commit introduces a printable Backtrace class usable in
Genode::log(), Genode::trace(), etc. The class is based on the new
function for_each_return_address(auto const &fn) that walks the stack in
its limits and calls fn() for each discovered return address on the
stack in the new os/include/os/backtrace.h. Archtecture-specific
stack-pointer retrieval and walk loops are implemented in dedicated
os/include/spec/<arch>/os/for_each_return_address.h files. Also, the
well-known Genode::backtrace() function (which logs the return-address
values) is provided for backwards compatibility.
Fixes#5078
The number of hash entries for TCP/UDP corresponds to the number of
sockets managed by the stack. In case there are more sockets than
entries available, buckets will be created to compensate for the lack of
space. The default values for TCP (524288) and UDP (65536) are meant for
the in kernel that manages all sockets of the user land and leads
to very large hash table allocations (>20MB) during initialization.
Since on Genode a component has its own instance of the IP stack or uses
the VFS server, we do not need these kind of large default settings.
issue #2181
This patch changes the unlink operation of the ram fs to defer the
destruction of a file until it is no longer referenced by any VFS handle.
When unlinked, the file no longer appears in the directory. But it can
still be opened and accessed.
With this change, a parent process of a Unix-like subsystem becomes able
to pass the content of an unlinked file to a forked child process. This
mechanism is required when using the 'exec' command in Tcl scripts.
Another use case is the 'tmpfile()' function.
Fixes#3577
The traced top instance was configured to be active every two seconds
whereas the trace test uses a grace time of only 1.5 seconds before
raising the FOREIGN state of a trace subject as an error.
The state of a trace subject can change only whenever the traced thread
passes a trace point. Hence, with the original configuration, the
release of top as trace subject can take up to two seconds. The patch
reduces the rate to 0.5 seconds to satisfy the expectation of
test-trace.
Following Github support removal for svn [1], dde_rump port fails to
prepare. This commit introduces a new install rule for ports,
'.sparse-git'. It performs a sparse-checkout on the port repository, only
fetching required files.
[1] https://github.blog/2023-01-20-sunsetting-subversion-support/
Co-authored-by: Benjamin Lamowski <benjamin.lamowski@genode-labs.com>
Issue genodelabs#5072
Issue genodelabs/goa#28
According to RFC 1812 ICMP Destination unreachable (Network unreachable)
does not quite our case of clients directly behind the router.
If a packet is to be forwarded to a host on a network that is directly
connected to the router (i.e., the router is the last-hop router) and
the router has ascertained that there is no path to the destination
host then the router MUST generate a Destination Unreachable, Code 1
(Host Unreachable) ICMP message.
Issue #4729
By using `mktime()`, which assumes local time, we render the `TZ`
environment variable ineffective. Instead, `timegm()` should be used to
set the real-time clock to UTC.
genodelabs/genode#5074
The management of Linux page structs is now tied to the life time of DMA
buffers. Thus, page structs are created when a buffer is allocated and
deallocated only when a buffer is freed - not on lx_emul_mem_free()
because DMA buffers are cached. Page struct refcounting was entirely
reworked in lx_emul/shadow/mm/page_alloc.c.
Fixes#4809
When multiple threads (EMT-0..X + nic_ep) enter the very same
critical section, the use of RTCritSectTryEnter may reflect the contention
case to the Network Model (E1000). Since no one notifies the model, when the
critical section is free again, solely the next packet/event triggered by the
guest will resume the former operation. This may lead to long delays until
packets are sent actually.
Instead of using the RTCritSectTryEnter use RTCritSecEnter to avoid the
situation. All of our network code is non blocking, so the network backend
will only be contented a short time.
Follow up commit to
Issue #5045
The devio API in the Linux kernel promised to be a stable layer for our
USB host controller drivers, but the additional bookkeeping and dynamic
allocations increase CPU overhead in a way that we do not accept further.
Therefore, we go a step back and process DMA transactions directly in and
out of the packet stream from the clients.
Fixgenodelabs/genode#5071
Per default Tslab checks that 8 slabs incl. overhead fit into one block.
If this is not desired the template parameter 'MIN_SLABS_PER_BLOCK' can
be used to control the minimum number of blocks.
Fixes#3834
The argument was originally designated to restrict the reach of the
trace monitor but the idea remained unimplemented. It is now superseded
by the use of the trace-session label as trace-subject filter.
Issue #847
This patch changes core's TRACE service to expose trace subjects only if
their PD label matches the label of the TRACE monitor. Hence, by default,
a trace monitor can only observe itself and its child components. Only
if the trace monitor's parent rewrites the trace-session's label, the
view of trace monitor can become broader. For example, when rewriting
the trace label to an empty string "", the trace monitor becomes able to
observe the sibling components hosted in the same init instance as the
trace monitor.
To grant a trace session the special privilege of obtaining a global
system view (including the kernel's trace subjects), the top-level init
has to rewrite the session's label to an empty string. At core, this
specific label "init -> " is handled as a special case that discharges
the filtering/namespacing of trace subjects.
Note that the trace-subject label as reported as subject info is now
given relative to the label of the trace session. As a nice side effect
of this change, the pkg/test-trace_logger works now when executed by the
depot_autopilot as well as via the test.run script.
Issue #847
This option is useful in cases where batching is configured and
failing to fetch a resource should not influence the over-all
result.
Issue genodelabs/genodians.org#32.
In the scope of alloc_dma_buffer(), Out_of_* exceptions might be thrown
at different stages. By adding a Guard object, we make sure to rollback
already created objects accordingly.
genodelabs/genode#5002
As a consequence of the adding IOMMU support to the platform driver,
additional RAM and CAPs are needed for setting up IO page-table
structures.
genodelabs/genode#5002
The platform driver needs additional 2MB of RAM for managing IO page
tables (root table and context tables) that are shared among sessions.
genodelabs/genode#5002
By adding the `irq_type` argument, one can explicitly specify whether to
use LEGACY, MSI or MSI-X interrupts. We formerly used the
`device_phys_config` to implicitly select MSI, however, with the
addition of IOMMU support to the platform driver there is at least one
instance where we need an MSI for a non-PCI device.
Yet, by adding another session argument to the Irq session, we exceed
the character limit for session args. Since not all arguments are
relevant for LEGACY interrupts resp. MSI, we can split the Irq_connection
constructor to handle the two cases separately and omit unneeded
arguments.
genodelabs/genode#5002
DMA buffer allocations are always performed as full pages. However, they
got mapped into the IOMMU domain using the requested size, which may not
be a multiple of the page size. This behaviour was introduced as a regression
by #4761 and is corrected by this commit.
genodelabs/genode#5002
The virtual add_range()-method must not be called from the base-class
constructor since the derived class is not be fully initialized at
this point.
genodelabs/genode#5002
The sculpt manager views only launchers in the + menu that are not present in
the runtime already. However, this check was missing when finding the right
launcher on a click event inside that menu. This could cause the manager to
try deploying an already deployed launcher a again (without any effect)
instead of deploying the launcher that was actually clicked.
Ref #5064
This is a follow-up commit to the adaptation of the run scripts to the
consistent use of [build_artifacts] (issue #4860).
The missing build of libm remained undetected until the recent removal
of implicit shared-library builds (issue #5061).
This patch removes the implicit build of all shared libraries a target
depends on. Targets only depend on the respective ABIs instead. This
alleviates the need to locally build complex shared libraries (think of
Qt) when developing applications. Instead, application developers can
use binary depot archives.
The implementation splits the mk/lib.mk file into three files:
- mk/a.mk for building one static library (.lib.a)
- mk/so.mk for building one shared object (.lib.so)
- mk/abi.mk for building one ABI stub (.abi.so)
Furthermore, the commit moves messages and the collection of build
artifacts to var/libdeps, triggers the build of kernel-specific
ld-<kernel>.lib.so, and prunes the lib-dependency tree at ABIs.
Fixes#5061
- finished tx ack queue should be checked before new allocations
- packets which got not sent must be released in packet stream,
otherwise the network packet stream gets filled up and starves after a while
- rRegister for ack avail packets and process them concurrently to EMT-* threads
by nic_ep thread (thanks @Peter for the findings) + add synchronization.
- add sigh_ready_to_submit to network adapter to improve latency by notifying
the network model explicitly in case we had a full packet stream error case
(_retry resp. VERR_TRY_LATER)
Fixes#5045
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.
Issue #5008
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.
Fixes#5058
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.
Issue #5008
This method allows for the inquiry of the current hovering state,
e.g., to suppress an update of the Wifi accesspoint list while
the list is hovered.
Issue #5008
Issue #5053
Several DMA pools of the EHCI/UHCI USB host controller driver declare
that buffers should not cross 4K boundaries. If this property is not met
fatal errors like NMIs may happen during USB operation.
Discussed in issue #5000
Certain USB devices do not react anymore after an endpoint reset
in the use case of USB devices passed through to a virtual machine.
When investigating the only USB session client that needs the
flush transfers request - namely the Qemu xhci model used in
VirtualBox - there seems to be no need to reset the endpoint in fact.
Fixgenodelabs/genode#5050
USB devio splits large transaction into 16 KiB buffers in scatter-gather
lists. Unfortunately, this mechanism seems unreliable most certainly because
of issue #4809 "DDE Linux struct page object aliasing".
Issue #5036
Currently, running ripgrep on Genode emits
"Warning: sysconf(71) not implemented".
Return -1 without setting errno, which is a valid return value according
to getpwnam(3) and silence the warning.
Fixes#5043
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.
The patch also improves safety by enforcing that list-model elements can
never be copied.
Fixes#4317
This commit adds support to initialize the timekeeping for
the Linux subsystem with the value from the RTC.
Only the seconds part of timespec64 is supported.
Issue genodelabs/genode#4957
FreeBSD libc code uses only a single spinlock instance and, thus there
is no obvious reason why it would need to be implemented as an actual
spinlock. _spinlock() and _spinunlock() functions are implemented with a
static pthread mutex.
Issue #725
This commit adds a new configuration option, `dst_addr` to the
'sntp_client' that accepts either an IP address or a DNS hostname. If a
DNS hostname is provided, the 'sntp_client' will resolve the IP address
before each SNTP request. The 'dst_ip' configuration option is
deprecated but kept for compatibility until 'dst_addr' is fully adopted.
xsd/net_types.xsd: add Net_address type
sntp_dummy_rtc: adjust configuration to use pool.ntp.org
Fixesgenodelabs/genode#5003
`Expandind_pd_session_client::try_alloc` is an overriden virtual method
of `Ram_allocator::try_alloc`. The latter specifies the default Cache
argument as CACHED. The overriden method should either do the same or
not even specify a default argument at all.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
Feed the high-frequent fetchurl reports into a list model to speed up
the subsequent evaluation of the data.
Also limit the rate of state reporting during updates to visible changes
in percent such that most fetchurl reports do not cause any UI activity
(status updating) any longer.
This patch noticeably speeds up the installation of complex packages
(i.e., the morph browser) on the PinePhone.
Issue #5038
The execution of global-static constructors in Genode is optional for
native components or determined in the libc for libc components. By
convention, we avoid static constructors wherever possible but in rare
cases the component can tweak the point when constructors are executed
and initialize an environment beforehand. The wifi_drv applies this
pattern for the uplink initialization, but is a libc component on the
other hand, and, thus, statics in the Genode C API for uplink are
constructed later by the libc. So, the prior initialization is reverted,
i.e. the signal-handler capability becomes invalid.
This addresses a regression exposed by the following commit.
drivers/wifi: perform multi-staged construction
Related to #3509Fixes#5024
Component names can be larger than widget IDs, which are capped at 20
characters. To uniquely correlate the component depicted in the graph
with clicks, this patch uses a dedicated graph ID for each runtime
component instead.
Fixes#5034
This patch allows for the interactive assignment of the system-control role
to a new component via the resource dialog. This is useful for integrating
low-level components like the Intel frequency/power monitoring tool.
Fixes#5033
Commit "menu_view: ignore zero-sized widgets in box layout" introduces
zero-sized child widgets as a special case but defined zero-sized as
zero covered pixels (w*h == 0). However, for layouting, a widget with a
non-zero height and zero width is not zero-sized.
This patch refines the zero-size condition such that only widgets with
both zero width and zero height are considered as zero-sized.
It thereby solves the missing display of empty lines in the text_area
component.
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.
Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.
Issue #5029
This is a follow-up fix for commit "sculpt: apply Dialog API to diag,
panel, and graph", which happened to render the legacy dialogs (network
and settings) inaccessible.
The patch avoids the use of clack seq numbers for the 'popup_opened'
condition (which happens on click, not clack). It also overrides old
click information on the arrival of a new click, avoiding the evaluation
of stale click sequence numbers in distant_runtime.cc. Furthermore, it
reduces the rate of 'Distant_runtime::_try_handle_click_and_clack'.
Issue #5008
On WPA3 encrypted networks the AP picker does not indicate encryption
and does not prompt for a passphrase.
Also indicate an encrypted network when "protection=WPA3", remedying
both issues.
Fixes#5022
Up to now, when using force_*, all other configured modes of a connector
got overwritten and the force_* got enforced. With the commit,
the connector mode is considered (if below max_*) and the resulting
framebuffer may be larger then the dimension of force_*.
Differences in TAR archive member metadata results in unstable depot
hashes. The following properties have to be fixed: modification time
(incl. time zone), numeric owner and group, permission modes.
Releated to #2842
This change allows for the hosting of system-management components
in Sculpt's runtime. The special role must be declared either as
<launcher managing_system="yes"> attribute or in the deploy
configuration's <start managing_system="yes"> attribute.
Issue #5009
Rename locally extended VCPU state from State to Vcpu_state for clarity.
The local namespace only adds two accessor methods, which does not
justify a local generic name.
Ref #4968
Make naming across architectures coherent by renaming Vm_state to
Vcpu_state, to reflect that it contains the state of a Vcpu and not that
of an entire VM.
Ref #4968
Per Affinity::Location a system control cap can be requested. The capability
provides an RPC interface to request and set Cpu_state, as provided by the
former Pd::managing_system(Cpu_state) method. Invocation of those system
control capabilities then *can* (see below) be executed on the desired CPU
as described by Affinity::Location.
The system control cap will be invalid for kernels that don't support
system_control/managing_system functionality at all.
The system control cap will be ever by the same, e.g. ignoring the
Affinity::Location parameter, if the used kernel doesn't support or doesn't
require the feature to execute the system control per CPU.
The commit is a preparation step to add guarded and selective x86 MSR
access per CPU.
Fixes#5009
This patch partially converts the Sculpt manager to the dialog API.
At this stage, both the old utilities and the new dialog API are still
used simultaneously.
Issue #5008
The so-called 'Distant_runtime' implements GUI dialogs via menu_view
components hosted at a distant init instance as opposed to child
components (as implemented by the 'Sandboxed_runtime'). This is
particular the case in Sculpt OS where the sculpt manager is not the
parent of the menu_view instances.
Issue #5008
By renaming 'Dialog' to 'Deprecated_dialog', we become able to use the
name 'Dialog' for the new API while temporarily keeping the original
interface in tact.
Issue #5008
- Increase default timeout to one minute
- Ignore power-button events during display-driver startup to avoid
entering another forced blank when pressing the power button twice.
- Prevent wakeup from user activity except for the power button.
So the volume can be adjusted without leaving the screensaver.
Issue #4950
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.
Issue #5008
Each hover change of the character position within a label results in a
new hover report, which needs to be evaluated by the application. For
the common cases where labels are used as button texts or for presenting
passive information, the level of detail is not needed while the
recurring hover reports induce overhead at the application side.
This patch mitigates this overhead by excluding labels from the hover
reporting by default.
For use cases that actually depend of precise hover reporting of labels,
for example an editable text area, the hover reporting can be enabled by
setting the 'hover="yes"' attribute of the label.
The 'Widget::_version' attribute was meant to allow the deliberate
replacement of a widget by a same-named widget by changing the version
while keeping the name, thereby suppressing any geomety animation.
However, the implementation missed to populate the attribute with the
value provided by the dialog ROM, prompting the unconditional
re-creation of the widget whenever a 'version' attribute was specified.
Even though this had the (desired) effect of preventing geometry
animations, it could cause feedback loops between hover reports and
dialog ROMs because the 'hover_changed' condition in 'Menu_view::Main'
would always stay true while a versioned widget is hovered.
To prevent exessive allocations the bounce buffers are allocated
once and afterwards re-used. The DMA buffers are provided by an
range allocator whose backing store increases in 4 MiB chunks.
The range allocator might not merge the ranges as those chunks
are not necessarily allocated continously. Allocations larger
than the static chunk size are therefor treated as error.
Internally libyuv uses malloc & free for short time dynamic memory
allocation during image transformation. The converted images are
such large, that the Libc allocator will create and destroy new Genode
dataspace per image. In time sensitive code paths, the overhead can be
noticeable by the caller of the image transformation.
The patch adds the option to register callbacks in the libyuv library to
implement the image allocation by users of the library. They may implement
caching strategies to avoid the overhead, e.g. as seen with qemu-usb and
the webcam model.
and not before. On Windows guest with more than 1 vCPU, the packets
seem to arrive and/or seem to be handled too late in the Webcam model.
An intermediate state, to due the late packet, has been used to decide to
close the Capture session too early.
In SDL2, support has been added for multiple windows.
As such, prior to this commit, invoking _sdl_screen.construct
would create a new window each time the original window was
resized.
To avoid this, refactor to only construct the window once, and
upon resize events, reconstruct the SDL_Surface and SDL_Texture
of Sdl_screen to the new window dimensions.
Issue identified by @chelmuth in https://github.com/genodelabs/genode/pull/4993#issuecomment-1729530634Fixes#4993
Following the official migration guide of SDL [1], the
fb_sdl framebuffer driver was update from SDL1 to SDL2.
The sdl2 port in world/src/lib/sdl2 is used.
Since SDL1 is in maintenance mode [2], support for other
display servers than X11 will never be implemented. In
particular, support for Wayland is missing from SDL1.
Fortunately, a port of sdl2 is maintained in genode-world.
As SDL2 is actively developed, it will provide support for
modern hardware architectures, and has mature support for
Wayland [3].
[1]: https://wiki.libsdl.org/SDL2/MigrationGuide
[2]: https://wiki.debian.org/Wayland#SDL1_.28unsupported.29
[3]: https://wiki.debian.org/Wayland#SDL2_.28supported_since_2.0.2.2B-.29
Issue #4993
The new API emphasizes control over the vCPU data by granting access
through the Vcpu::with_state() method, which makes sure that the vCPU is
stopped, invokes the supplied function with a reference to the VM state
and resumes the vCPU if the function returns true.
The old Vcpu::run(), Vcpu::pause() and Vcpu::state() methods are removed
in favor of the new API. Execution of the vCPU is now interrupted by
sending a native Genode Signal to its Vcpu_handler, which will run the
VMM's exit handling method. When this method retrieves the vCPU state by
calling Vcpu::with_state(), the outside interruption is detected and on
x86 a recall exit is injected into the state to signal the vCPU
interruption / pause request to the VMM's vCPU handler.
Ref #4968
instead via the hardware registers of the FPU. On Genode all components and
so VMMs are built such, that the compiler may generate optimized code by
using the FPU at any time. We had to make sure to save the
FPU state as early as possible before the VMM component touches the FPU,
to avoid corrupting & losing guest FPU state. This caused headache again
and again. To avoid the uncertainty, we remove this feature and explicitly
transfer the FPU state via the UTCB.
Depending on the client and use-case the current minimal timeout
value of 5 ms could be too high, lowering it to 1 ms stays within
the limit imposed by most timer drivers.
Issue #4990.
When the wait value is too small the HALT attempt turnes into
busy-polling in the VMM. To prevent that always wait a minimal
amount of time.
Issue #4990.
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.
Fixes#4987
Remove 'usb_hid', 'usb_net', 'usb_modem' from dde_linux port. These
versions have been updated to Linux 6.1.20 which uses the 'linux.port'
file.
issue #4958
The driver is superseded by the USB network driver (usb_net) which also
contains MBIM support for LTE modems previously provided by this
driver.
issue #4958
The drivers uses the 'virt_linux' api and the current lx_kit
implementation. It is a drop-in replacement for the Linux 4.16.3 based
version.
issue #4958
NCM tries to batch TX packets using timeouts (500us) and does not send packets
before 3 packets are in the submit queue. Timeouts take milliseconds on
dde_linux which leads to delayed ACKs and poor performance for the RX case.
Therefore, we send small packets (<100 Bytes) immediately without batching (it
might be an ACK or last packet of a larger transfer).
issue #4958
The PinePhone Modems' CDC Ethernet Interface does not respond if RX/TX queue size
is greater 12 (experimentally determined), the default would be 60, meaning 60
RX Bulk URBs are sent at once to the device.
issue #4958
A WRITE_ERR_WOULD_BLOCK may occur when large reports are written to a file
system because this fills up the submit queue of the packet-stream interface.
Fixesgenodelabs/genode#4988
This commits introduces changes to test number 4, so it must keep
more than one PKG. Also, it introduces a 5th test to verify that the
<remove_all/> functionality does delete everything in the depot.
Issue genodelabs#4866
This commits introduces improvements to the test functions to avoid
code duplication, and renames these functions to reflect better what they
are used for.
Issue genodelabs#4866
The last character should only be skipped if a `\0` or `\n` is found. If
the string ends without such a character or the maximum line length is
hit, we do not skip the last character.
Fixesgenodelabs/genode#4985
Dynamically loading the `compat-libc` breaks `fork(2)` on Genode.
Switch `compat-libc` to a special api package that provides a source
file for statically linking the library, analogous to the `blit`
package. This also requires a quirk in Goa but should prevent breaking
`fork()` and removes the runtime and archive dependencies for Rust
packages using `compat-libc`.
Ref genodelabs/goa#61
Implement FBSD_1.0 versions of libc functions ('stat', 'fstat'). The
functions are versioned with @FBSD_1.0, and therefore, will not clash
with libc during linking. However, to be called by our dynamic linker,
the library must be before libc in the NEEDED section of the binary
using it. This requires the lib to be in front of libc in the LIBS
variable. The library currently will call libc 'stat' and 'fstat' by
looking up the symbols via 'dlsym'.
Ref genodelabs/goa#61
Some Ubuntu installations (e.g., 20.04) create installation disks with
strange C/H/S MBR partitions like 3988/255/2. Normally, VirtualBox reads
the MBR to guess disk geometry information for the virtual BIOS.
Unfortuantely, the strange values from Ubuntu lead to a heavy
virtual-disk activity on boot. Therefore, this commit forces the use of
calculated values based on the assumption that large disks use LBA
addressing anyway.
Fixes#4978
Adds Genode::Hex_dump class to the formatted_output.h header. This class can be
used to print a hexadecimal dump of a byte range. The data is printed in a
format similar to that used by Linux's 'xxd'. In addition to the 'xxd' format,
consecutive duplicate lines are replaced with a single "*\n" as done also by
Linux's 'hexdump'.
Ref #4966
The DHCP client implementations of Ping originally is a copy of the NIC router
implementation adapted for Ping. The two versions diverged further over the
years. This issue should be solved by should merging them into a centralized
implementation. However, this commit treats only a recent issue with the
nic_uplink.run test on pbxa9 qemu but does this by re-aligning the two
implementations partially. The final merge should be done in a separate commit.
Ref #4966
The Depot Autopilot used to filter out tabs and color sequences before
forwarding the test log to the own log. This commit prevents this and further
cleans up the string-filters code.
Ref #4922
The new 'log_prefix' attribute is effective when used in a tests runtime in
<succeed> or <fail> tags that have a non-empty content string. When matching
the log against the pattern given in the affected <succeed> or <fail> tag, the
Depot Autopilot will consider only those test-log lines that start with the
given prefix.
Ref #4922
* Removes the <event> tag from all test package runtime files and replaces the
contained <timeout> and <log> sub-tags with the new tags <succeed> and
<fail>. If a <succeed> or <fail> tag has a content, it defines a log pattern
that should be recognized and render the test failed or successful. If a
<succeed> or <fail> tag has an attribute after_seconds that is not set to 0,
it defines a timeout after which the test should be rendered failed or
successful.
* Adapts the Depot Autopilot to support the new syntax in the test-package
runtime files. However, for now, the Depot Autopilot is kept compatible to
the old syntax as well. If the <events> tag is present, it is prioritized
over the new syntax.
Fixes#4922
Several nightly network-related tests fail currently on sel4/pc because the
new e1000 NIC driver requires more capabilities. The "drivers nic" package
was already adapted to the new requirement but some tests fail to provide
enough caps to the corresponding sub system. This commit tries to fix all
remaining tests.
Ref #4923
* During a session-close, the device-specific usb task and driver data
gets freed. Part of it was the RPC data. To prevent use-after-free
turn it into a pointer and leave it on the stack of the caller thread
* During a device release, URBs discards, and reset operation the Linux task
might get blocked, and then a RPC caller task might return if the RPC
operation was marked as finished already, although it hasn't succeeded yet
* USB devio RESET has to be done before a device release to be effective
Fixgenodelabs/genode#4969
* Within flush_transfer of the USB session a given entrypoint gets
resetted, to be effective al related URBs need to be discarded first
* Discarding URBs shall be done in reverse order, like libusb is doing it,
where it warns about potential races otherwise
Ref genodelabs/genode#4969
* Adds a new component server/nic_uplink that forwards packets unmodified
between one Uplink session at one side and potentially multiple Nic sessions
at the other side.
* Adds a new run script nic_uplink.run that does a basic test with multiple
Nic clients on this component and adds it to the autopilot list.
* Adds a new depot recipe src/nic_uplink for this component.
* Adds a new depot recipe pkg/pc_nic for deploying the pc_nic_driver together
with a nic_uplink server. This allows for raw access to the network connected
to the Nic of the system in contrast to the commonly used routed and NAT'd
access via NIC router. That said, it enables the use of network protocols
not yet supported by the NIC router at the cost of less protection.
Ref #4966
Introduces a new class that does the clean-up if some exception is
thrown while creating the session. This reduces redundancy and overall
lines of code.
Ref #4966
by just test the migration feature, without relying on load measured on the
CPUs. On Qemu (and depending on other load in the Linux system), the migration
feature gets not triggered in time reliable.
* Allow support for kernel configurations without CONFIG_IRQ_DOMAIN_HIERARCHY
* Export `irq_domain` instantiated for driver-specific extensions of the irqchip
Fixgenodelabs/genode#4964
This change allows a monitored VBox instance to specify a distinct
(lower) priority to the VM session to ensure that the VMM is always
prioritized higher than the VCPUs. This is important because host
I/O at the VMM should always be able to preempt a busy guest.
Issue #4917
Decreasing the internal buffer size will implicitly limit the number
of blocks provisioned for recording and brings them in line with
the number of blocks used for playback (2).
Note that this patch also sets an upper-bound on the number of
samples in 'Audio_*::PERIOD'.
If all connectors are set to disabled by configuration, the connectors
stayed enabled since the new configuration reveals no preferred or minimal
resolution/mode. Instead, use the last set resolution in order to get to the
disabling code.
The memory barriers where introduced with commit "test-timeout: fix build
errors with -std=gnu++20" presumably in order to prevent GCC optimization from
removing the empty for loops the test is using because using a volatile index
variable was no longer an option.
However, the memory barriers seem to have a negative effect on the measurements
performed with the affected loops. The commit caused the timeout test to fail
at least on imx53_qsb.
This commit fixes the issue by using a simple empty for loop without volatiles
or memory barriers but protected inside a function that is compiled with
optimization disabled.
Ref #4959
This commit extends the Lx_kit initialization function by passing in
a signal handler that is used to perform the normally occurring
scheduler execution and is a follow-up change for the decoupling
scheduler execution commit.
Instead of burying the signal handler in the 'Lx_kit::Scheduler'
object it is provided by the main object where the driver is free
to perform any additional step before or after executing the scheduler.
Issue #4927Fixes#4952
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.
Issue #4927.
The timer used to read the counter first and then the IRQ status. This
could cause a non-wrapped counter value to be considered a wrapped
counter value, leading to bogus timeout durations.
This commit fixes the bug and documents the used timer mode in the
driver in order to make future debugging of the driver easier.
Ref #4959
Prevent missing new RPC calls handed over to a Linux task
of a corresponding usb-device, while that task blocked
during enqueuing of asynchronous URBs.
Fixedgenodelabs/genode#4955
* add a sensible priority setup into the test script in order to protect
drivers and stack components from the demanding net clients
* delay the starting of the net clients by 5 seconds in order to give the
drivers and stack components some time to startup in peace
* use only explicit service routing and caps values
Ref #4923
This patch replaces the exception-based error propagation by the use of
'Attempt' return values, which eliminates side effects of the exception
handling - cxx_heap allocations - from code paths that are used by the
the cxx_heap itself (when growing the cxx_heap).
It thereby fixes the failure of the sub_rm test at the "attach RAM ds to
any position at sub rm - this should fail" step.
Fixes#4953
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.
Issue #4950
Nitpicker's hover and focus reports contain an 'active' attribute, which
can be inspected for the detection of user activity, e.g., as trigger
for a screensaver or for dynamic clipboard policies.
When using the 'Event' session, the reporting code updated the reports
only on incoming events. This patch adds the periodic reporting as used
when using the old 'Input' session.
Issue #4950
Decoupling the scheduler execution can lead to missed interrupts
because the current implementation only handles one pending
interrupt and requires immediate processing.
This commit introduces a helper object that is used to capture
any occuring interrupts that are then handled consecutively.
Issue #4927.
Prior to this commit, whenever an external event occurred, for example
timer or interrupt, the corresponding I/O signal handler was triggered.
This handler unblocked the task waiting for the event and initiated the
immediate execution of all unblocked tasks. Since these tasks may hit
serialization points, e.g. synchronously waiting for packet stream
operations, that require handling of other I/O signals this leads to
nested execution. This, however, is not supported and mixes application
and I/O level signal handling.
The flagging of the scheduling intent is now decoupled from its
execution by using an application level signal handler that is run in
the context of the components main entrypoint. The I/O signal handler
now triggers the scheduling execution by sending a local signal to
the EP.
Since it might be necessary to execute a pending schedule from the EP
directly the scheduler is extended with the 'execute' member function
that performs the check that the scheduler is called from within the
EP and triggers the execution afterwards.
Issue #4927.
On disconnect of displays, e.g. seen with Type-C connectors, the encoder was
not properly disabled due to a missing drm_client_modeset_commit. In order that
the commit succeed, however a fb must be assigned to the modeset. Missing to
do so leads to an -EINVAL by the drm_client_modeset_commit.
Fixes#4948
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.
As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.
Fixed#4932
The initial memory backend implementation was brought over from DDE
Linux and was geared towards use-cases where a high-performing
allocator is useful. In case of the audio driver this is overkill
and since no other driver that could benefit from such an
implementation was ported in the meantime rather use a simpler
implementation that keeps the overhead down.
Fixes#4946.
Since component.cc is no longer linked to core, we can also remove
entrypoint.cc, which was merely a dependency of component.cc.
Related to issue #4784
This patch replaces the global '_wait_for_exit_sem' object by a local
static variable, which does not rely on the global ctors. It thereby
fixes the fault_detection test after the removal of the global ctors
execution from core ("base: remove component.cc from core").
Issue #4784
With these options enabled comparative testing between pc_linux drivers
and bzImages becomes much easier on EFI-only machines. The impact on the
actual Genode drivers is minimal.
This patch removes the use of the Entrypoint::schedule_suspend mechanism
and the call of glibc's exit from the lx_hybrid tests, for two reasons.
First, the interplay of atexit handlers executed by the glibc and
Genode's lx_hybrid library is complicated while bringing no benefits in
practice as lx_hybrid applications are usually servers that don't exit
anyway.
Second, the Entrypoint::schedule_suspend mechanism in not used by any
other component. By removing its use from the lx_hybrid tests, we can
remove this mechanism from the base library.
Issue #4940
By supplying only the parts of the Env that are actually relevant for
initializing the cxx heap, we avoid the need for the 'Env' interface.
The patch also moves the call of 'init_ldso_phdr' to the outside
of the cxx library because it does not belong there.
Issue #4784
USB devices that are never associated to client sessions lack
usb_per_dev_data (and a kernel thread). Therefore, the devices should be
discontinued directly on unplug as no URBs can be pending.
Issue genodelabs/genode#4795
This commits enables the R8169 driver and was tested with two
RTL8168h/8111h (10ec:8168 rev 0x15 sub 1462:7a38 / 1d05:109f) and
two equal RTL8125B (10ec:8125 rev 0x5 sub 1458:e000) devices
running Sculpt.
Firmware loading is for now not implemented but specific Linux
commits suggest it could be necessary. However, doing so will be
post-poned until we have gathered more experience with the driver.
Restarting the driver might lead to the following IOMMU error
messages but the device seems to work anyway:
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2000004200002500 FI:0x000c21b0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x000c21a0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x00138000 type:0x2 BDF:25:00.0
[…]
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004300002500 FI:0x00124000 type:0x2 BDF:25:00.0
Issue #4921.
While this approach still scans "holes" in the bus range, it stops
scanning at the maximum subordinate bus number reachable from the base
PCI bus at the host bridge. Startup under Qemu no longer takes about 12
seconds for scanning 256 buses.
By splitting the 'init_capability_slab()' implementation to a separate
compilation unit 'capability_slab.cc', base-hw no longer needs a
customized version of 'lib/base/platform.cc'.
Related to issue #4784
This patch replaces the internal use 'env_deprecated()' from the
implementation of the thread API in the base library. It also
replaces the global accessor 'main_thread_cap' by the explicit
propagation of the main-thread's capability to the single point of
use via a new 'init_thread_bootstap' function.
Issue #4784
This back end can be used in place of the existing jitterentropy based
on in case random is not strictly needed by the component but one
wants to use the available 'shadow/drivers/char/random.c'
implementation.
Issue genodelabs/genode-allwinner#21.
The implementation was already part of the Zynq's sd_card driver and
since other ARM drivers need it as well, promote it to the common
shadow library.
Issue genodelabs/genode-allwinner#21.
* Removes all previous structs that represented an on-disc block layout
and were therfore subject to a number of layout restrictions (packed,
padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.
Ref #4819
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
for the return value wherever a bitfield is read and returned to the user.
Ref #4924
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.
Fixes#4919
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.
Issue genodelabs#4866
On some platforms (x86_32/pistachio, x86_64/sel4) system startup is slow
and the previously configured 30 seconds not sufficient. With this commit, the
timeout is raised to 60 seconds only when running on such a platform.
Ref #4923
This test was originally a copy of ping.run and therefore unnecessarily
inherited all its complexity for testing ping component behavior. Additionally,
ping.run was more actively maintained and evolved over time whereas
nic_dump.run didn't receive the same care. Now, the test fails on certain
platforms although NIC dump works just fine. Therefore, this commit reduces the
test behavior to what is really necessary for testing nic_dump and by doing so,
also fixes the failing targets.
Fixes#4926
On x86_32 okl4, the test timed out although the test timeout was already at
240 seconds for this platform. Instaed of raising it further, this commit
reduces the number of ping rounds for all platforms that are considered as
slower by the test.
Ref #4923
This patch restricts 'Region_map::attach_executable' to create read-only
mappings, while offering the option to map the full rights using a new
'attach_rwx' method.
The 'attach_rwx' method is now used by the dynamic linker to explicitly
attach the linker area with full rwx rights. With the old page-fault
handling code, the execute flag was evaluated only for leaf dataspaces,
not for managed dataspaces while traversing region-map hierarchies.
With the new page-fault handling code, the execute bit is downgraded
to no-execute when passing a managed dataspace that is not attached
as executable.
Issue #4920
The change "core: allow offset-attached managed dataspaces" addressed a
corner case of the use of nested region maps. Apparently, this change
negatively affects other scenarios (tool_chain_auto).
In order to confidently cover all the differnt situations, this patch
reworks the page-fault resolution code for improved clarity and safety,
by introducing dedicated result types, reducing the use of basic types,
choosing expressive names, and fostering constness.
It also introduces a number of 'print' hooks that greatly ease manual
instrumentation and streamlines the error messages printed by core.
Those messages no longer appear when a user-level page-fault handler
is reistered for the faulted-at region map. So the monitor component
produces less noise on the attempt to dump non-existing memory.
Issue #4917Fixes#4920
The new monitor component at os/src/monitor is the designated successor
of the gdb_monitor. This initial version, however, implements only the
subset needed to inspect the memory of the monitored component(s).
In contrast to the gdb_monitor, the new component supports the monitoring
of multiple components, leveraging the sandbox API. It can therefore be
used as a drop-in replacement for the init component. Like the gdb_monitor,
the new monitor speaks the GDB protocol over Genode's terminal session.
But the protocol implementation does not re-use any gdbserver code,
sidestepping the complexities of POSIX.
There exist two run scripts illustrating the new component. The
os/run/monitor.run script exercises memory inspection via the 'm' command
by letting a test program monitor itself. The os/run/monitor_gdb.run
script allows for the interactive use of GDB to interact with monitored
components.
Issue #4917
Let the sandbox library disregard all unknown config sub nodes so that
supplemental information - like the monitor policy configuration - is
not interpreted as a misconfiguration ("unknown config element type ...").
Issue #4917
This patch moves the destruction of the child's PD session after the
closing of all other sessions because the PD session's role as resource
container might still be needed for orderly reverting the session quotas
when closing the other remaining sessions.
Issue #4917
By default, the sandbox uses the Env::pd() as reference PD session of
the sandbox children.
However, to accomodate use cases where the interplay of the reference
PD session and the child's address space needs to be intercepted, this
patch adds a constructor that takes an interface for the controlled
access of PD intrinsics as argument.
Issue #4917
This patch replaces the former 'address_space' accessor by a new
'with_address_space' interface that grants access to the region map of
the child's address space, but limits the interface lifetime to the
scope of the caller.
Issue #4917
This patch adds the missing application of the region offset to the
resolution of page faults inside managed dataspaces, which resulted in
an unexpected "invalid mapping" message after attaching a managed
dataspace with an offset.
This limitation could be observed during the implementation of the debug
monitor that locally maps a portion of the debugging target's address
space, e.g., a view port of 16 MiB. All traditional uses of managed
dataspaces (e.g., stack area, linker area) happened to attach the
managed dataspaces from their beginning.
Issue #4917
* add semaphore command to ring in order to be able to stop ring
execution before reset (Wa KabyLake)
* implement reset sequence as done by the Linux driver
* reset ring and cancel job of vgpu causing hang
* lower watchdog timeout 1000ms -> 200ms
* improve scheduling of vgpus so progress after reset is made
* improve the generation chaos a little
* tested on Skylake, Kaby Lake, Tiger Lake
issue #4916
* Use jitterentropy only if supported.
On certain targets like pbxa9 or zynq_qemu, the performance counter always
yields 0, which renders jitterentropy unusable. On these platforms, the
Tresor tests now use a static value as entropy source instead.
* Adds a new package test-file_vault_config_report_no_entropy that is used by
the Depot Autopilot on targets without jitterentropy support instead of
test-file_vault_config_report. The only difference between the two packages
is the value of the above described new config attribute of the File Vault.
* Circumvent alignment fault.
The Tresor lib for now has the deficiency of using on-disc data structures
directly in code instead of decoding them first to unpacked, naturally
aligned structures. This causes problems with memory-access alignment on
several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
this properly is a bit of work, the commit disables the tresor_tester and
file_vault_config_report test on the affected platforms in autopilot mode for
now.
* Further adjustments
* Make benchmarks optional
* Use a smaller tresor for rekeying
* Clean up image parameters
* No use implicit routes/resources
* Reduce ram consumption
* Reduce test timeout
* Raise cap quota, required for sel4 x86_64.
Ref #4819
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.
Ref #4819
* relaxes the timing and reduces the test steps because pistachio is quite
slow and would otherwise trigger problems with our easy approach of using a
dynamic rom instead of a proper manager
* provide IO_PORT and IRQ session to timer driver
Ref #4819
With the update to sel4 and the gcc 12, assembly instructions are generated
and used, like POPCNT. The instruction is available on our native hardware,
but not emulated by the default cpu model necessarily, which leads to
undefined opcode exceptions (Qemu 4.2.1 && seL4). Additionally, the features
of the default Qemu cpu model may vary between Qemu releases and makes it
harder to correlate effects.
The attachment removal is triggered actually on _ds member destruction time,
but after the io_mem representation for the specific base-<platform> possibly
vanished already during _unmap_local in the ~Io_mem_dataspace. This creates
on base-sel4 several kernel warnings about invalid capabilities.
Issue #4913
