Commit Graph

770 Commits

Author SHA1 Message Date
Josef Söntgen
6addd6cf1e os: fix Node_rwx::rwx
Fixes #3658.
2020-02-27 14:46:57 +01:00
Norman Feske
9b0fbf000e sandbox: support for local state-report handling
Fixes #3647
2020-02-20 12:11:22 +01:00
Norman Feske
46c5a90ba1 nitpicker_gfx: Text_painter::Font::index_at_xpos
This method is useful for finding the character under a mouse position.
2020-02-20 12:08:16 +01:00
Norman Feske
52e582132f os/vfs.h: handle corner case in join function
When specifying "/" or "" as rel_path to the 'Directory' constructor,
the constructed directory should refer to the same directory. The
implementation of the join utility did not consider this corner case. It
occurred during the attempt to use fs_query with "/" given as path.

This patch also adds a Directory::Entry::dir accessor that returns true
if the entry is a directory.

Fixes #3630
2020-02-20 12:08:16 +01:00
Stefan Kalkowski
22498e0b09 os: add backtrace utility for arm_64
Fix #3621
2020-02-04 16:10:22 +01:00
Norman Feske
c67a0d3dd8 os/dynamic_rom_session.h: support Xml_generator
This patch adds a special variant of a 'Content_producer' called
'Xml_producer', which allows the direct use of an 'Xml_generator'
for generating the ROM-module content.
2020-02-04 15:51:09 +01:00
Norman Feske
78c0e5f6b6 New sandbox library extracted from init component
This patch extracts the child-management functionality from the init
component into a new library called "sandbox". The library API is
located at 'os/include/os/sandbox.h'.

The sandbox API allows for the interaction of the component with the
sandboxed children by providing locally implemented services. This
mechanism is illustrated by the new test at os/src/test/sandbox.

Issue #3601
2020-02-04 15:51:09 +01:00
Norman Feske
f82e7df0ba os/buffered_xml.h: support for generating XML
This patch extends the 'Buffered_xml' utility with a new constructor
that fills the buffer with the output of an 'Xml_generator'. It thereby
presents an easy way to generate XML to be consumed locally.

The patch also add a deprecation mark to the original 'xml' accessor
because copying 'Xml_node' objects (here as return value) is dangerous.
The new 'with_xml_node' method should instead be used to access the XML
content stored in the buffer.

Fixes #3602
2020-02-04 15:51:09 +01:00
Christian Helmuth
9a35743df6 Mark packet-stream descriptor head/tail as volatile
`volatile` effectively prevents instruction reordering by the compiler
and fixes an issue with -O3 compiled components.

Note, this commit does not address further arguments regarding memory
barriers and volatile voiced in issue #693.

Issue #693
2019-12-20 14:34:22 +01:00
Norman Feske
f85ec313de os/vfs.h: handle zero-sized files
The 'File_content' class failed to consider zero-sized files.

Fixes #3557
2019-12-19 16:59:03 +01:00
Norman Feske
3ac970ac1d Streamline Timestamp::INVALID values
This is a follow-up patch for issue #1784 that solves two
inconsistencies.

- The Vfs::Timestamp::INVALID matches File_system::Timestamp::INVALID
- The Noux libc plugin tests for Timestamp::INVALID instead of a
  positive value.

The patch fixes the mtime info as shown in directory listings in
Sculpt's inspect window.
2019-11-21 14:26:27 +01:00
Emery Hemingway
c51b4b5742 New VFS plugin for emulating POSIX pipes
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.

In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.

The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.

Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.

Fix #2303
2019-11-19 14:54:13 +01:00
Norman Feske
d7b1a89087 file-system session: use same dirent size as VFS
This change allows for the conversion of directory entries in place
(i.e., in the VFS server) and anticipates the potential future merge of
both types into one.

Issue #3547
2019-11-19 14:54:13 +01:00
Martin Stein
b541a0d448 smbios.h: move to os/include/smbios
Fixes #3489
2019-11-19 14:54:12 +01:00
Josef Söntgen
dbecceec09 expanding_reporter: configure initial buffer size
Fixes #3543.
2019-11-19 14:44:02 +01:00
Norman Feske
7549189f88 vfs: watch support for Readonly_value_file_system
This patch adds support for watch notifications for the
'Readonly_value_file_system', which is often used by VFS plugins to
implement pseudo files. It thereby enables VFS clients to respond to
VFS-plugin events (think of terminal resize) dynamically.

Fixes #3523
2019-11-19 14:42:23 +01:00
Martin Stein
60d37f690c packet_stream_*: fix missing dissolve on exception
When the construction of a member of Packet_stream_*::Rpc_object after
the _cap member threw an exception, the object was not dissolved from
the entrypoint although the Rpc_object vanished at this point. This was
because the call to 'manage()' happened in the initializer list (for the
_cap member instantiation). The destruction of the _cap member then did
not dissolve the object.

This first fix moves the call to 'manage()' into the constructor body
after the instantiation of all other members. A more sophisticated fix
would use some kind of 'Managed_object' life-time guard that manages an
object on construction and dissolves on destruction.

Ref #3525
2019-11-19 14:42:22 +01:00
Norman Feske
c85bc38802 Move include/gems/vfs.h to include/os/vfs.h
Fixes #3515
2019-11-19 14:23:56 +01:00
Norman Feske
5bb366513b Remove os/src/app/cli_monitor
Nowadays, we use standard command-line tools like vim to edit init
configurations dynamically, which alleviates the need for a custom CLI.
The CLI-monitor component was too limited for use cases like Sculpt
anyway.

The patch also removes the ancient (and untested for long time)
terminal_mux.run script, which used to be the only remaining user of the
CLI monitor.

Issue #3512
2019-11-19 14:23:56 +01:00
Norman Feske
5ab1505d43 file system: enhanced file status info
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:

- Distinction between continuous and transactional files (Node_type)
  (issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
  replacing the former 'mode' bits
  (issue #3030)

The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.

This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
2019-11-19 14:23:56 +01:00
Christian Helmuth
cc611834c9 input: repeat events require valid codepoints
Issue #3483
2019-11-19 14:23:54 +01:00
Josef Söntgen
9a82bbb54d vfs: add modification time member to directory_service
Issue #1784.
2019-11-19 14:17:30 +01:00
Josef Söntgen
2ec3aaf639 file_system_session: add modification time
* add modification_time member
* add WRITE_TIMESTAMP packet
2019-11-19 14:17:30 +01:00
Christian Helmuth
4491c070be input: fix Codepoint::INVALID in Press event
The Press event is actually a Press_char event with a default codepoint.
The default codepoint is now

  Codepoint { Codepoint::INVALID } /* value 0xfffe */

in contrast to

  Codepoint { Input::Event::INVALID } /* value 0 */

Issue #3483
2019-08-28 14:22:32 +02:00
Christian Helmuth
a97b8043b5 utf8: non-character U+fffe as invalid codepoint
Unicode non-characters [1] are guaranteed to never be used for a
character. The formerly used U+fffd however is a valid character - the
replacement character [2] correctly displayed by Qt5 as <?>.

[1] https://en.wikipedia.org/wiki/Universal_Character_Set_characters#Non-characters
[2] https://en.wikipedia.org/wiki/Specials_(Unicode_block)#Replacement_character

Issue #3483
2019-08-28 14:22:32 +02:00
Norman Feske
cc437a5eca Spelling fix in os/single_session_service.h 2019-08-21 13:35:52 +02:00
Martin Stein
cb6377355e sntp_client: report received transmit timestamp
For now in libports because it relies on contrib sources from musl doing
the time data conversion.

Ref #3448
Ref #3450
2019-08-21 12:37:02 +02:00
Josef Söntgen
ea2b330158 rtc: extended session with set-signal
A client may register a signal handler to be notified whenever the
RTC value was changed, i.e., a mis-configured clock was synchronized,
by calling 'set_sigh()'.

Issue #3450
2019-08-21 12:37:01 +02:00
Josef Söntgen
86cacd23bb rtc: add documentation comments
Issue #3450
2019-08-21 12:37:01 +02:00
Martin Stein
1e379cb3a9 drivers/acpi: provide plain SMBIOS table as report
Ref #3430
2019-08-13 12:02:03 +02:00
Josef Söntgen
91ce57848c rtc_session: make timestamp printable
Issue #3438.
2019-08-13 12:02:03 +02:00
Norman Feske
fc7b983a40 terminal: clipboard support
Fixes #2079
2019-07-09 08:58:38 +02:00
Christian Prochaska
f99a1d78bb os: fix 'CUU' terminal command
Decrement the y position to move the cursor up.

Fixes #3379
2019-05-29 10:20:52 +02:00
Norman Feske
405a9d2144 Refinements for updated "Genode Foundations" book
- Improve API descriptions
- Remove obsolete Xml_node::value method (fixes #3323)
- Follow coding style 'const char' -> 'char const'
- Avoid '>>' when nesting templates (limitation of parse_cxx)
2019-05-27 14:52:53 +02:00
Emery Hemingway
4caffd79db Ethernet multicast support at nic_bridge
Fix #3282
2019-05-27 14:46:53 +02:00
Christian Prochaska
2aeb1a70ea os: remove 'register' keyword from 'pixel_rgba.h'
Fixes #3331
2019-05-16 13:11:02 +02:00
Stefan Kalkowski
911f4ada0a os: make platform_drv package ready for ARM
* Make target binaries independent of board SPECS
* Name binaries of one architecture unambigously
* Extend include path to match board specifics
* Adapt run-scripts to use the right binary

Ref #2190
Ref #3180
2019-05-16 12:52:59 +02:00
Stefan Kalkowski
c767f6ccf1 os: explicit cache policy in Nic::Session_component
To enable the use of uncached DMA buffers as RX and TX communication
buffers in between driver (service) and client, introduce a cache
attribute in the constructor of Nic::Session_component

Ref #3291
2019-05-06 16:15:26 +02:00
Norman Feske
784206c85c block_session: new client-side API
This patch equips the 'Block::Connection' with a framework API for the
implementation of robust block-session clients that perform block I/O in
an asynchronous fashion.

An application-defined 'JOB' type, inherited from 'Connection::Job',
encapsulates the application's context information associated with a
block operation.

The lifecycle of the jobs is implemented by the 'Connection' and driven
by the application's invokation of 'Connection::update_jobs'. The
'update_jobs' mechanism takes three hook functions as arguments, which
implement the applications-defined policy for producing and consuming
data, and for the completion of jobs.

Issue #3283
2019-05-06 16:15:25 +02:00
Norman Feske
976f67eee6 os: make 'Block::Operation' printable
Issue #3283
2019-05-06 16:15:25 +02:00
Norman Feske
e5f27b44b5 block_session: turn 'Connection' into template
As a preparatory step for introducing the new block-client API, we have
to turn the 'Block::Connection' into a class template. The template
argument will be used to tie an application-defined job type to the
block connection.

Issue #3283
2019-05-06 16:15:25 +02:00
Norman Feske
6c0dd9fe3b block_session: use types from block/request.h
Issue #3283
2019-05-06 16:15:25 +02:00
Norman Feske
c433f87000 os: batching of packet-stream source operations
This patch adds support for manually triggering the wakeup of the packet
sink by the source. This way, a packet source becomes able to marshal
batches of submissions or unmarshal batches of acknowledgements before
yielding the control over to the sink.

Issue #3283
2019-05-06 16:15:25 +02:00
Norman Feske
593e971121 block_session: SYNC and TRIM as async operations
This patch removes the blocking Block::Session::sync RPC function and
adds the asynchronous operations SYNC and TRIM to the block session's
packet-stream interface.

Even though the patch adjusts all block components to the interface
change, the components keep the former blocking handling of sync
internally for now because of the design of the 'Block::Driver'
interface. This old interface is not worth changing. We should instead
migrate the block servers step by step to the new
'Block::Request_stream' API.

Fixes #3274
2019-05-06 16:15:24 +02:00
Norman Feske
e058adc4fe block_session: add client-defined request tag
The new request tag allows a block-session client to uniquely correlate
acknowledgements with outstanding requests. Until now, this was possible
for read and write operations by taking the value of the request's
packet-stream offset. However, SYNC and TRIM requests do not carry any
packet-stream payload and thereby lack meaningful offset values. By
introducing the notion of a 'tag', we can support multiple outstanding
requests of any type and don't need to overload the meaning of the
'offset' value.

Issue #3274
2019-05-06 16:15:24 +02:00
Norman Feske
a39474a245 block-request stream: split Operation from Request
This patch splits the 'Request' definition into smaller types that are
suitable for the client-side API too.

The new 'Operation' type comprises the block operation's type (opcode)
and the operation's arguments (block number, block count).
The former 'Request::operation_defined' is now 'Operation::valid'.
The 'Request' aggregates an 'Operation', which changes its object
layout.

Note that this commit relaxes the bit-precise definition of 'Request' to
facilitate the use of 'unsigned long' where appropriate, in particular
for the request tag (which should correspond to an 'Id_space::Id'). The
originally bit-precise definition was pursued to allow the sharing of
the 'Request' type between SPARK and C++ code. However, it turns out
that defining a native type in each language and a (set of) converting
constructors is a more natural approach.

Issue #3283
2019-05-06 16:15:24 +02:00
Norman Feske
51f51c18af block/request_stream: rename wakeup_client
This patch renames 'wakeup_client' to 'wakeup_client_if_needed' to
clarify that the method triggers signals only when needed, not on every
call.

The name 'wakeup_client' is prone to misguide users to call the function
conditionally as an optimization, thereby complicating the code, but to
no effect.

Fixes #3279
2019-05-03 13:53:12 +02:00
Norman Feske
bbe3ee8dc5 block_session: server-defined payload alignment
This patch replaces the formerly fixed 2 KiB data alignment within the
packet-stream buffer by a server-defined alignment. This has two
benefits.

First, when using block servers that provide small block sizes like 512
bytes, we avoid fragmenting the packet-stream buffer, which occurs when
aligning 512-byte requests at 2 KiB boundaries. This reduces meta data
costs for the packet-stream allocator and also allows fitting more
requests into the buffer.

Second, block drivers with alignment constraints dictated by the
hardware can now pass those constraints to the client, thereby easing
the use of zero-copy DMA directly into the packet stream.

The alignment is determined by the Block::Session_client at construction
time and applied by the Block::Session_client::alloc_packet method.
Block-session clients should always use this method, not the 'alloc_packet'
method of the packet stream (tx source) directly. The latter merely
applies a default alignment of 2 KiB.

At the server side, the alignment is automatically checked by
block/component.h (old API) and block/request_stream.h (new API).

Issue #3274
2019-05-03 13:53:12 +02:00
Norman Feske
2208220c12 block session: remove Block::Session::Operations
This patch modernizes the 'Block::Session::info' interface. Instead of
using out parameters, the 'init' RPC function returns a compound 'Info'
object now. The rather complicated 'Operations' struct is replaced by
a 'writeable' attribute in the 'Info' object.

Fixes #3275
2019-05-03 13:53:12 +02:00
Martin Stein
9d236e8e03 block/request: fixed enum values 2019-04-09 12:30:35 +02:00
Martin Stein
a9851aca55 block/request: add member 'tag'
Issue #3274
2019-04-09 12:30:35 +02:00
Emery Hemingway
a635873568 VFS: Replace global response handlers with local handlers
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.

Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.

These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.

Fix #3257
2019-04-09 12:30:34 +02:00
Josef Söntgen
3362216b66 os: clear remaining samples in Audio packet
... instead of potentially producing out-of-bounds write in the source
buffer.

Fixes #3264.
2019-04-09 12:30:34 +02:00
Josef Söntgen
5ceba11982 os: make Audio_out content filler data arg const
Issue #3264.
2019-04-09 12:30:34 +02:00
Emery Hemingway
800b4e44b1 Reduce Vfs::Vfs_handle::Context to empty struct type
The "Vfs::Vfs_handle" type should not contain any public members that
can be initialized by the VFS internally and by the application, so
remove inheritance from the "Genode::list::Element" class. The VFS
plugins must instead use lists of "Vfs::Vfs_handle" sub-classes, the
lifetime of which are always managed by the plugin.

Ref #3036
2019-04-01 19:33:47 +02:00
Norman Feske
4353c9e0f1 os: make Block::Request_stream::Ack noncopyable
This is a safeguard against accidentally taking the 'Ack' interface as a
value instead of a reference.

The 'Payload' interface should also not be copied (and potentially
stored) because it contains a pointer.
2019-03-19 11:00:01 +01:00
Norman Feske
4f99224255 ram_fs: increase max file size on 64 bit to 8 GiB
Fixes #2315
2019-03-18 15:57:00 +01:00
Norman Feske
ebd9f36b0d os: Pixel_rgba::transfer interface
The new 'transfer' function interface defines how pixel/alpha values
sampled from texture are applied to a destination pixel, similar to the
role of a fragment shader in GPU-based rendering. The transfer function
can be customized by defining custom pixel types, which may be (but
don't need to be) derived from 'Pixel_rgba'.

Issue #3221
2019-03-18 15:56:24 +01:00
Emery Hemingway
93fb79f357 Check for existing directories at Vfs::Dir_file_system
Return OPENDIR_ERR_NODE_ALREADY_EXISTS for existing directories.
Remove deprecated 'is_directory' method.

Fix #3083
2019-03-04 10:57:04 +01:00
Christian Helmuth
fb155b95c7 Clarify documentation of Block::Session::info()
Also cleanup some proscribed abbrevations.

Fixes #3185
2019-02-28 11:34:07 +01:00
Johannes Schlatow
c1caeb7e70 zynq: improve cache handling in nic_drv
Clean and invalidate caches in nic_drv before/after triggering DMA.

Issue #3179
2019-02-26 14:47:02 +01:00
Norman Feske
5ed5fddb7c base/os: remove deprecated APIs
This commit removes APIs that were previously marked as deprecated. This
change has the following implications:

- The use of the global 'env()' accessor is not possible anymore.
- Boolean accessor methods are no longer prefixed with 'is_'. E.g.,
  instead of 'is_valid()', use 'valid()'.
- The last traces of 'Ram_session' are gone now. The 'Env::ram()'
  accessor returns the 'Ram_allocator' interface, which is a subset of
  the 'Pd_session' interface.
- All connection constructors need the 'Env' as argument.
- The 'Reporter' constructor needs an 'Env' argument now because the
  reporter creates a report connection.
- The old overload 'Child_policy::resolve_session_request' that returned
  a 'Service' does not exist anymore.
- The base/printf.h header has been removed, use base/log.h instead.
- The old notion of 'Signal_dispatcher' is gone. Use 'Signal_handler'.
- Transitional headers like os/server.h, cap_session/,
  volatile_object.h, os/attached*_dataspace.h, signal_rpc_dispatcher.h
  have been removed.
- The distinction between 'Thread_state' and 'Thread_state_base' does
  not exist anymore.
- The header cpu_thread/capability.h along with the type definition of
  'Cpu_thread_capability' has been removed. Use the type
  'Thread_capability' define in cpu_session/cpu_session.h instead.
- Several XML utilities (i.e., at os/include/decorator) could be removed
  because their functionality is nowadays covered by util/xml_node.h.
- The 'os/ram_session_guard.h' has been removed.
  Use 'Constrained_ram_allocator' provided by base/ram_allocator.h instead.

Issue #1987
2019-02-26 14:44:15 +01:00
Norman Feske
b24edc1633 Remove residual uses of deprecated APIs
Issue #1987, related also to issue #3163 and issue #3164.
2019-02-19 11:12:12 +01:00
Norman Feske
b3727a9b46 Add missing override annotations
Issue #3159
2019-02-19 11:12:11 +01:00
Norman Feske
00fa48a886 os: new Block::Request_stream API
Issue #3092
2019-02-19 11:12:10 +01:00
Josef Söntgen
f9523c32d5 os: accessor for addr and size of packet stream 2019-02-19 11:08:18 +01:00
Norman Feske
3858e1df51 os: support for deferred packet-stream signals
This patch enhances the packet-stream API with the principle ability to
side-step the built-in implicity data-flow signals and manage the
signals manually. This allows for a more efficient batching of packet
processing.

Issue #3092
2019-02-19 11:08:18 +01:00
Norman Feske
69d6145f5a os: don't hide tx_cap from block-session interface
The 'tx_cap' RPC function is only used at session-creation time. For
this reason, it was not listed in the "official" RPC interface in
'block_session.h'. However, this makes the interface more obscure than
it needs to be. So this patch promotes it to a regular RPC function.

Issue #3092
2019-02-19 11:08:18 +01:00
Emery Hemingway
22327b43ae Refactor terminal for intrinsic Unicode support
Refactor the graphical terminal server to internally represent
characters as 16-bit codepoints and handle the duplex terminal stream as
UTF-8.

- Make the Codepoint class printable to the Output interface
- Decode data received at the Terminal session from UTF-8 to a 16-bit
  character
- Pass 16-bit characters through terminal decoder and char-cell arrays
- Send Unicode through terminal session in a burst of UTF-8 bytes

Fix #3148
2019-02-19 11:08:17 +01:00
Norman Feske
d3759811b6 os/session_policy: warn if no policy exists
The situation where a 'Session_policy' is constructed for a label with
no matching policy is in almost all cases a configuration problem.
A diagnostic message eases pin-pointing such mistaks. By adding the
message to the 'Session_policy', servers don't need to manually handle
the exception to provide diagnostic information. This simplifies the
server code in many components.
2019-01-30 13:49:55 +01:00
Norman Feske
ba2b0b8360 gems: remove the use of deprecated APIs
This patch also updates os/slave.h because the app/launcher cannot be
reasonably updated without it.

Issue #1987
Issue #3125
2019-01-30 13:49:54 +01:00
Norman Feske
6b94e65a95 os: avoid using deprecated APIs
Issue #1987
Issue #3125
2019-01-30 13:49:54 +01:00
Norman Feske
bf62d6b896 Move timer from os to base repository
Since the timer and timeout handling is part of the base library (the
dynamic linker), it belongs to the base repository.

Besides moving the timer and its related infrastructure (alarm, timeout
libs, tests) to the base repository, this patch also moves the timer
from the 'drivers' subdirectory directly to 'src' and disamibuates the
timer's build locations for the various kernels. Otherwise the different
timer implementations could interfere with each other when using one
build directory with multiple kernels.

Note that this patch changes the include paths for the former os/timer,
os/alarm.h, os/duration.h, and os/timed_semaphore.h to base/.

Issue #3101
2019-01-14 12:33:57 +01:00
Norman Feske
76e96e92cb nitpicker: avoid color bleeding
This patch improves the output of opaque pixels in the presence of an
alpha channel by adding a special case for the maximum alpha value.

Fixes #2831
2019-01-07 12:43:23 +01:00
Norman Feske
56cb1885bb decorator: make window-layout updates more robust
This patch improves the window decorators in the following respects:

* Strict warnings are enabled now.
* The use of the 'List_model' makes the application of window-
  layout changes more robust. This is particularly the case for
  the restacking of windows.
* Display-mode changes are now supported by both decorators.

Issue #3094
2019-01-07 12:33:57 +01:00
Josef Söntgen
108034b050 packet_stream: packets w/o payload are still valid
Packets whose data is stored within the Packet_descriptor itself
but not as payload, .e.g Usb::Packet_descriptor, are valid packets
after all. So loosen the packet valid check for zero-sized packets
is reasonable.

Fixes #3076.
2019-01-07 12:33:54 +01:00
Alexander Boettcher
85b998a4af os: nullpointer check in os/path.h
Issue #3022
2019-01-07 12:25:45 +01:00
Alexander Boettcher
dbeb1b82a9 os: avoid warning in ethernet.h
issued by clang/llvm static analyzer
2019-01-07 12:25:45 +01:00
Alexander Boettcher
aa03c4ce9f os: avoid garbage warnings in app/painter
Issue #3022
2019-01-07 12:25:45 +01:00
Alexander Boettcher
5572430ba5 os: avoid ambiguous warnings for vfs/server
between File_system and Vfs::File_system

Issue #3022
2019-01-07 12:25:45 +01:00
Emery Hemingway
9c7d5b2a66 Implement print and min/max for Microseconds and Milliseconds
Ref #3050
2019-01-07 12:25:42 +01:00
Emery Hemingway
a2bdcc68c2 Throw exception for invalid packets at packet streams
Some application code is dereferencing the pointer returned by
'packet_content' at packet streams without checking that it is valid.
Throw an exception rather than return a null pointer, except for
zero-length packets, which have somewhat implicit invalid content and
that we believe to be properly handled in all current cases.

The client-side of a packet stream cannot take corrective action if the
server-side is sending packets with invalid content, but the servers
that provide packet streams should catch this exception to detect
misbehaving clients.

Ref #3059
2018-11-29 11:54:29 +01:00
Johannes Schlatow
74f2954013 packet_stream: improve buffer alignment
The bulk buffer is now 64Byte-aligned so that the allocated
packets get aligned likewise (assumed the packet allocator uses an
appropriately aligned block size). This ensures that each packet
starts at a new cache line on common platforms.

Issue #3053
2018-11-29 11:46:02 +01:00
Christian Prochaska
fd7ab79fe0 vfs: implement 'complete_sync()' in 'Single_file_system'
Fixes #3047
2018-11-27 11:38:13 +01:00
Norman Feske
c60604062c decorator: improve robustness of window restacking
This patch improves the detection of new appearing top-most windows.
Such a window should prompt the decorator to bring the corresponding
nitpicker view(s) to the front of the view stack. The original
implementation relied on hints provided by the layouter (the 'topped'
attribute). With the patch, the decorator tracks the top-most window by
itself, which improves the robustness.

As a second improvement, the patch defers the destruction of windows to
the point when all other window operations are completed. This hides
intermediate states when replacing one window by another in one step,
which is typical for console-like scenarios. Hence, this patch should
eliminate flickering artifacts when switching from one virtual console
to another.

Issue #3031
2018-11-16 14:53:26 +01:00
Christian Prochaska
9a2af89c4e vfs: use correct enum values in 'Dir_file_system::open_composite_dirs()'
Fixes #2968
2018-09-13 15:21:11 +02:00
Josef Söntgen
0603481aaa terminal: remove upper character range check
The more constrained upper limit leads to ommitted characters like
umlauts.

Fixes #2957.
2018-09-03 17:07:00 +02:00
Emery Hemingway
2041f957da Terminal: improved handling of escape sequences
Add additional parsing modes to the sequence decoder to detect and
discard unhandled sequences for ECMA-48, DEC private, and Xterm.

Add new behavior for cursor movement, cursor hiding, character deletion,
and line-wrapping.

Fix #2923
2018-08-08 11:27:41 +02:00
Emery Hemingway
08b774e318 VFS: add an error to to the Sync_result enum
Sync errors can be used to indicate failed writes across the File_system
session.

Ref #2920
2018-08-02 14:36:49 +02:00
Sebastian Sumpf
037a0d6822 usb_drv: add isochronous packet support
Commit extents USB session an driver accordingly.

issue #2910
2018-08-02 14:36:46 +02:00
Christian Prochaska
b2f7a6a934 vfs_lxip: look up path in 'leaf_path()'
Fixes #2913
2018-08-02 14:36:43 +02:00
Christian Prochaska
e3005266b6 vfs: no 'handle_io_response()' in regular VFS functions
Calling 'handle_io_response()' in a regular VFS function (in contrast to a
post-signal hook) can cause problems if the caller of the VFS function holds
a lock which prevents the io response handler from returning.

With this commit, the user of the VFS becomes responsible for unblocking
threads which might be blocking after a failed 'queue_read()', 'queue_sync()'
or 'write()' call.

Fixes #2896
2018-08-02 14:36:43 +02:00
Emery Hemingway
c18bee3d5b Input::Binding for non-C++ language bindings
Quietly insert forward declaration of a Input::Binding class, and make
it a friend of Input::Event and Input::Session_client. This is to allow
non-C++ language bindings (Nim) to access private members by providing
their own implementation of the Binding class.

Fix #2889
2018-07-03 09:39:35 +02:00
Emery Hemingway
e8dc6c84a4 Add missing XML header to vfs/file_system.h
Ref #2870
2018-07-03 09:39:34 +02:00
Emery Hemingway
366913c146 ram_fs: unmark modification from nodes that have been synced
Removed the modified mark from handles that have been written to when
they are synced, otherwise a notification would be sent again when the
handle is closed.

Ref #2839
2018-06-29 10:44:54 +02:00
Norman Feske
87be50c542 os: add Expanding_reporter::generate(Xml_node)
This method allows for the verbatim reporting of an existing XML node.
2018-05-30 13:36:40 +02:00
Martin Stein
734d174f33 net: get rid of unused mac_from_string method
Issue #2815
2018-05-30 13:36:36 +02:00
Martin Stein
342bdaf4a2 net: generic ascii_to for Netaddress template
Issue #2837
2018-05-30 13:36:32 +02:00
Christian Prochaska
c5f1ac615c Usb::Packet_handler: avoid completion handler recursion
Fixes #2828
2018-05-30 13:36:20 +02:00
Emery Hemingway
29c08d4751 Fix types for VFS error printing
Ref #2793
2018-05-30 13:36:14 +02:00
Martin Stein
41dbad13e4 nic_router/nic_bridge: re-work Mac_allocator
The old MAC allocator had several drawbacks:

* the address base was a public static that could and must have been written
  directly from outside the class
* the in-use-flag array was based on unsigned values consuming 4 bytes each
  for only one bit of information
* it was a public header that we actually don't want to expose to all
  components but only to the few networking components
* it used the not-so-safe bit notation for integer members of GCC

The new version fixes all these drawbacks.

Issue #2795
2018-05-30 13:36:11 +02:00
Martin Stein
980f3e9c5c net: use Size_guard for packet-data accessors
Instead of handing over the maximum available size to the packet data
accessors, hand over a size guard that keeps track of the packets
boundaries.

This commit also moves the size-guard utilitiy header of Ping and NIC
Router to the include/net directory making it a part of the net library.
It applies the new approach to all net-lib users in the basic repositories.

Ping looses its configurability regarding the ICMP data size as this would
require an additional method in the size guard which would be used only by
Ping.

The size guard was also re-worked to fit the fact that a packet can
bring a tail as well as a header (Ethernet).

Issue #2788
2018-05-30 13:36:11 +02:00
Emery Hemingway
483d005350 VFS: detect root dir based on config node type
Ref #2782
2018-05-03 15:32:00 +02:00
Norman Feske
8e0cc44e24 terminal: preserve content during resize
This patch eliminates the flickering of the terminal during resize.
2018-05-03 15:31:59 +02:00
Emery Hemingway
0b980073c1 VFS: close handles via handle method
The using pattern 'handle->close' is less error prone than attempting
'handle->ds().close(handle)' or 'fs.close(handle)'.

Ref #2782
2018-05-03 15:31:57 +02:00
Martin Stein
11a297b557 net: consider tail of Ethernet frame
The Ethernet payload may be followed by padding of variable length and
the FCS (Frame Check Sequence). Thus, we should consider the value
"Ethernet-frame size minus Ethernet-header size" to be only the maximum
size of the encapsulated IP packet. But until now, we considered it to
be also the actual size of the encapsulated IP packet. This commit fixes
the problem for all affected components of the Genode base-repository.

Fixes #2775
2018-05-03 15:31:57 +02:00
Martin Stein
841d583678 net: implement Udp_packet::checksum_error
For checking the checksum of a UDP packet.

Issue #2775
2018-05-03 15:31:56 +02:00
Martin Stein
6b55790e73 net: use generic internet checksum
This reduces the redundant implementations of checksum calculation to
one generic implementation, makes the checksum interface conform over
all protocols, and brings performance optimizations. For instance,
the checksum is now calculated directly in big endian which saves us
most of the previously done byte-re-ordering.

Issue #2775
2018-05-03 15:31:56 +02:00
Martin Stein
373134c4e7 net: safer access to packet data
Replace packet method 'T *data' by the new methods 'T &reinterpret_data'
for parsing or modifying existing sub-protocol packets and 'T
&construct_at_data' for composing a new sub-protocol packet. This has
the advantage that, when composing a new packet, the default constructor
that zero-fills the packet is always called first.

Fixes #2751
2018-05-03 15:31:54 +02:00
Norman Feske
afcad2a968 os: new Input::Event representation
This commit changes the 'Input::Event' type to be more safe and to
deliver symbolic character information along with press events.

Issue #2761
Fixes #2786
2018-05-03 15:31:25 +02:00
Norman Feske
1f1302e185 terminal: use VFS-based font handling
This patch replaces the terminal's formerly built-in fonts with the new
VFS-based font handling.

To avoid the copying of the terminal's font configuration across run
scripts, this patch adds the new terminal/pkg runtime package, which
includes everything needed for instantiating a terminal: the actual
terminal component, the library dependencies (vfs_ttf, which in turn
depends on the libc), a font (bitstream-vera), and a reasonable default
configuration.

Fixes #2758
2018-05-03 15:31:17 +02:00
Norman Feske
0011dd1623 terminal: remove built-in keyboard layout handling
Fixes #2757
2018-04-19 13:38:34 +02:00
Norman Feske
8bcf540915 os: add Text_painter::Font::height method
Issue #2716
2018-04-19 13:38:33 +02:00
Norman Feske
0a72b37363 vfs: Simple::env::apply_config 2018-04-19 13:38:33 +02:00
Emery Hemingway
3c07860aad VFS: watch result is ERR_UNACCESSIBLE by default
Ref #2745
2018-04-19 12:38:50 +02:00
Emery Hemingway
97f50e8e15 VFS: dir fs Opendir must open at least one directory to succeed
Ref #2745
2018-04-19 12:38:50 +02:00
Emery Hemingway
82a683eccc VFS: construct file-systems using Vfs::Env object
Reduce the size and forward compatibility of VFS file-system
constructors by passing an object holding accessors for 'Genode::Env',
'Genode::Allocator', response handlers, and the root file-system.

Fix #2742
2018-04-19 12:38:27 +02:00
Martin Stein
f9af0e6f0c net: packed attribute for Icmp_packet 2018-04-10 13:03:26 +02:00
Martin Stein
ca1751528d net: utilities for DHCP parameter-request lists
Issue #2738
2018-04-10 11:20:49 +02:00
Norman Feske
9d233b73a3 nitpicker: improve 'Session::focus' handling
Nitpicker's 'Session:focus' call used to trigger a one-off focus change
at call time. This focus change did not pass the same code paths as a
focus change triggered by a "focus" ROM update, which led to
inconsistencies.

This patch changes the implementation of 'Session::focus' such that the
relationship of the caller and the focused session is preserved after
call time. Whenever the calling session is focused in the future, the
specified session will receive the focus instead. So 'Session::focus'
represents no longer a single operation but propagates the information
about the inter-session relationship. This information is taken into
account whenever the focus is evaluated regardless of how the change is
triggered.

This makes the focus handling in scenarios like the window manager more
robust.

Issue #2746
2018-04-10 11:20:47 +02:00
Martin Stein
6edf9ccf5a net: get rid of static constructors 2018-04-10 11:20:44 +02:00
Norman Feske
97317b0c95 terminal: change term caps from linux to screen
Fixes #2743
2018-04-10 11:20:43 +02:00
Martin Stein
f152e3e9d0 timeout: dequeue all pending alarms before reschedule
This fixes the problem that large timeouts, when rescheduled, are interpreted
to be from the last now_period instead of, what would be right, the next
now_period. This occured if there were multiple pending alarms at the head of
the queue and the reschedule of the first one was done with the other outdated
deadlines still in place.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
bfb96536da timeout: _setup_alarm calculates deadline itself
Instead of taking the absolute deadline of a timeout as argument from
outside (where it is calculated with a freshly requested now time), we
now take a relative duration as argument and calculate the deadline with
the scheduler-internal now time (which can be a little bit outdated).
This enables us to schedule timeouts without updating the internal now time
and thereby handle all pending timeouts.

Issue #2704
2018-04-10 11:11:55 +02:00
Martin Stein
38dbd59d8a timeout: become independent of the Alarm framework
Integrate the code of the Alarm framework directly into the Timeout
framework.  The former Alarm-framework methods are all private to the
corresponding classes of the Timeout framework and get prefixed with
'_alarm__'. The latter avoids name clashes and makes it easier to
simplify the code later.

Issue #2704
2018-04-10 11:11:54 +02:00
Martin Stein
365bd347a6 net: ICMP protocol
Packet format and common utilities for the Internet Control Message
Protocol.

Issue #2732
2018-04-10 11:11:52 +02:00
Emery Hemingway
9c6b720ec1 Notification support for the VFS library
Add a new 'Vfs_watch_handle' type to the VFS interface. This handle type
will pass a handle context up through the I/O handler to the application
when a notification event occurs.

Watch support implemented for RAM and File_system plugins, all other
file-systems return WATCH_ERR_STATIC by default.

Test at run/fs_rom_update_ram and run/fs_rom_update_fs.

Fix #1934
2018-04-10 11:11:51 +02:00
Emery Hemingway
344d46ce78 Comparision operators for Genode::Path
Ref #1934
2018-04-10 11:11:51 +02:00
Emery Hemingway
8310a94843 os/path: const 'string' accessor
Ref #2160
2018-04-10 11:11:50 +02:00
Norman Feske
3778558608 os: reworked nitpicker_gfx/text_painter.h
This patch improves the `Text_painter` utility that is commonly used by
native Genode components to render text:

- Support for subpixel positioning
- Generic interface for accessing font data
- Basic UTF-8 support

Since the change decouples the font format from the 'Text_painter' and
changes the API to use the sub-pixel accurate 'Text_painter::Position'
type, all users of the utility require an adaptation.

Fixes #2716
2018-04-10 11:09:18 +02:00
Norman Feske
07cd0d5809 vfs: add 'Readonly_value_file_system'
This file system is meant as a building block for pseudo file systems
that host a directory of several small files where each corresponds to
an attribute of the pseudo file system.
2018-04-10 11:09:18 +02:00
Norman Feske
48c5707a0c vfs: relax root_dir argument of 'Dir_file_system'
By letting the 'Dir_file_system' accept an arbitrary 'File_system'
as root directory, we can use the 'Dir_file_system' as a building
block for creating other file-system types.
2018-04-10 11:09:18 +02:00
Norman Feske
b0b92e4ee2 vfs: pass root directory to plugins
This patch enables the use of the VFS from VFS plugins by passing a
reference of the root directory to the constructors of file-system
instances. Since it changes the signature of 'Vfs::Dir_file_system',
any code that uses the VFS directly requires an adaptation.

Fixes #2701
2018-04-10 11:09:17 +02:00
Norman Feske
d59d07b5e3 os: util/utf8.h for UTF-8 string handling
This patch adds a simple UTF-8 decoder at 'os/include/util/utf8.h'
along with a test at 'os/run/utf8.run'.

Fixes #2717, related to issue #2716
2018-03-27 13:44:27 +02:00
Norman Feske
579ca1063c os: support non-int coordinates in 'Point<>' 2018-03-27 13:43:09 +02:00
Emery Hemingway
013eb506a8 Vfs::Dir_file_system: do not use Vfs_handle for opening directories as files
The Dir_file_system uses static cast to convert handles from the
application to a plugin local type. For this reason, only the local
handle type may be returned from 'opendir' or 'open'. This fixes the
unexpected behavior when opening directories as files.

Fix #2533
2018-02-15 10:22:09 +01:00
Alexander Boettcher
e05a708024 os: reset packet_allocator members
Fixes #2632
2018-02-15 10:22:09 +01:00
Emery Hemingway
4a3fc21ada New watch handle mechanism for File_system session
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.

Test at run/fs_rom_update.

Ref #1934
2018-02-14 20:41:09 +01:00
Emery Hemingway
c7d0accac0 VFS: catch Out_of_ram and Out_of_cap exceptions
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.

Ref #2642
2018-02-14 20:41:07 +01:00
Norman Feske
8aa1e349fc terminal session: propagate resize events
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
2018-02-14 20:41:03 +01:00
Norman Feske
96a068f90a terminal: improve internal structure
This patch reorganizes the terminal's source code to become easier to
extend. It also enables the strict warning level.
2018-02-09 14:04:32 +01:00
Christian Prochaska
12c8e51071 terminal fixes
- handle line wraps in 'ech()'
- take (1,1) origin into account in 'hpa()' and 'vpa()'
- unify handling of SGR escape sequences of different lengths
- accept the '[?2004h' and '[?2004l' escape sequences (used by midnight commander)

Fixes #2671
2018-02-09 14:04:25 +01:00
Norman Feske
66a93d9199 os: add 'Expanding_reporter' to os/reporter.h
The 'Expanding_reporter' wrapper for the 'Reporter' eliminates
the burden of handling 'Xml_generator::Buffer_exceeded' exceptions
from components that generate reports.

Fixes #2655
2018-02-09 14:04:06 +01:00
Norman Feske
cde8163770 os: make 'Buffered_xml' util publicly available
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
2018-02-09 13:34:17 +01:00
Josef Söntgen
4009239328 vfs: skip synced file systems in complete_sync
Fixes #2606.
2018-01-17 12:14:43 +01:00
Martin Stein
fbd545ae70 net: remove unused enums
Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
4f1d43ce21 net: remove placement new operators
They are not used any more.

Issue #465
2018-01-17 12:14:41 +01:00
Martin Stein
f4a2d932e3 net: check packet data size in accessor
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).

Issue #465
2018-01-17 12:14:41 +01:00
Norman Feske
eba9c15746 Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:

* A class with virtual functions can no longer publicly inherit base
  classed without a vtable. The inherited object may either be moved
  to a member variable, or inherited privately. The latter would be
  used for classes that inherit 'List::Element' or 'Avl_node'. In order
  to enable the 'List' and 'Avl_tree' to access the meta data, the
  'List' must become a friend.

* Instead of adding a virtual destructor to abstract base classes,
  we inherit the new 'Interface' class, which contains a virtual
  destructor. This way, single-line abstract base classes can stay
  as compact as they are now. The 'Interface' utility resides in
  base/include/util/interface.h.

* With the new warnings enabled, all member variables must be explicitly
  initialized. Basic types may be initialized with '='. All other types
  are initialized with braces '{ ... }' or as class initializers. If
  basic types and non-basic types appear in a row, it is nice to only
  use the brace syntax (also for basic types) and align the braces.

* If a class contains pointers as members, it must now also provide a
  copy constructor and assignment operator. In the most cases, one
  would make them private, effectively disallowing the objects to be
  copied. Unfortunately, this warning cannot be fixed be inheriting
  our existing 'Noncopyable' class (the compiler fails to detect that
  the inheriting class cannot be copied and still gives the error).
  For now, we have to manually add declarations for both the copy
  constructor and assignment operator as private class members. Those
  declarations should be prepended with a comment like this:

        /*
         * Noncopyable
         */
        Thread(Thread const &);
        Thread &operator = (Thread const &);

  In the future, we should revisit these places and try to replace
  the pointers with references. In the presence of at least one
  reference member, the compiler would no longer implicitly generate
  a copy constructor. So we could remove the manual declaration.

Issue #465
2018-01-17 12:14:35 +01:00
Emery Hemingway
ed89f2f7f0 Add millisecond accessor to Genode::Duration value object
Add a 'trunc_to_plain_ms' method to Gende::Duration to make
millisecond-accurate timing safer and more convenient.

Ref #2335
2017-12-21 15:01:51 +01:00
Martin Stein
70c5c31ec9 nic_router: better warnings on bad DHCP requests
Be more descriptive about why the NIC router thinks that a DHCP request
sent to him is bad.

Issue #2534
2017-12-21 15:01:38 +01:00
Martijn Verschoor
8fe0a7514f Nic::Session_component: pass entrypoint in constructor
Added a new constructor that takes the entrypoint as constructor
argument. The original constructor retrieves the entrypoint from the
Genode environment. This does not allow to use a different entrypoint.
2017-12-21 15:01:33 +01:00
Christian Prochaska
dd98bd67a0 pointer: custom pointer shape support
Make the revised 'vbox_pointer' component the new 'pointer' component.

Fixes #2585
2017-11-30 11:23:22 +01:00
Norman Feske
40c9226bb9 os: add Color::print, enhance ascii_to<Color>
This patch adds a 'Color::print' method as counterpart to the 'ascii_to'
function. If the color is opaque (alpha is 255), its output has the form
"#rrggbb". If the color has a distinct alpha value, the output has the
form "#rrggbbaa". The new version of the 'ascii_to' overload for 'Color'
is able to deal with both forms.
2017-11-30 11:23:14 +01:00
Sebastian Sumpf
9c852c750a vfs: handle root directory explicitly
This makes '/' and the actual root of VFS distinguishable. A VFS root
may contain one ore more '/' entries for each file system. 'opendir' for
the VFS root opens all file systems via 'open_composite_dir', while
'opendir' for '/' only returns a VFS handle.

Fixes #2569
2017-11-30 11:23:10 +01:00
Martin Stein
e87f63944f timeout: replace Duration operators by methods
void += (Microseconds) -> void add(Microseconds)
void += (Milliseconds) -> void add(Milliseconds)
bool < (Duration)      -> bool less_than(Duration)

Issue #2581
2017-11-30 11:23:09 +01:00
Martin Stein
26bcd439f7 timeout: fix bug in duration + duration testing
The += operator contained bugs. We now also do some tests on the Duration
type at the beginning of the timeout test.

Fixes #2581
2017-11-30 11:23:09 +01:00
Norman Feske
a255ffaee9 input: disarm obnoxious press/release events
This patch adds a sanity check to the Event::type accessor. If the key
code of a given PRESS or RELEASE event is out of the valid range, it
reports an INVALID event. This way, client side code does not need to
deal with such edge cases. E.g., on Lenovo notebooks, the ps2 driver
reports strange key events when pressing shift-pageup/pagedown,
violating the general assumption that there is a release event for each
press event. By flagging these events as INVALID, the client-side logic
stays intact.
2017-11-30 11:23:07 +01:00
Emery Hemingway
07b36573ea Restrict VFS Dir_filesystem allocations to 'opendir' only
Allocations made at the client-side of the VFS must be contained within
functions that may return errors indicating resource exhaustion.

Fix #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
a0c0f3d7c9 Print support for VFS errors
Ref #2569
2017-11-30 11:23:02 +01:00
Emery Hemingway
ca0c86e7af Enforce cap quotas at VFS server, increase initial File_system cap donation
Check at the VFS server that the capability cost of sessions do not
exceed the session quota donation. Raise the default initial capability
donation for File_system connections.

Fix #2553
2017-11-30 11:23:02 +01:00
Norman Feske
55dc3abf00 Move gems/bezier.h to util/bezier.h (in repos/os)
This way, os components (i.e., input_filter) can use it for nonlinear
interpolation.
2017-11-09 12:18:43 +01:00
Christian Prochaska
547cc06976 ram_fs: throw exception when unlinked node gets accessed
Fixes #2536
2017-11-09 12:18:05 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
50aba6f21b dhcp: support reading of some further option types
Client ID, maximum message size, IP lease time, and requested address.
All needed for the upcoming DHCP client.

Ref #2534
2017-11-06 13:57:21 +01:00
Norman Feske
dd5b03671d os: don't limit file-systems-session upgrades
The 'File_system::Connection' already performs an on-demand session
upgrade should the server report an 'Out_of_caps' or 'Out_of_ram'
condition. So file-system clients are normally relieved from handling
those exceptions. However, the upgrade was limited to two attempts per
operation (which amounts to 16 KiB). When using the Rump VFS plugin in
the VFS server, this amount does not always suffice. So the exception is
reflected to the client. I observed this problem as a message "unhandled
error" printed by fs_rom. This patch removes the upgrade limit such that
a greedy file-system server becomes iteratively upgraded until it stops
arguing or the client's RAM is exhausted.
2017-11-06 13:57:18 +01:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Christian Helmuth
f9b3c6d2cf Remove unused os/alarm.h include from loader 2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00
Norman Feske
6d361b337b input/root.h: support re-opening of sessions
This patch fixes an aliasing problem of the 'close' method signature
that prevented the Input::Root_component::close method to be called.
This way, the event-queue state was not reset at session-close time,
which prevented a subsequent session-creation request to succeed. With
the patch, input servers like ps2_drv, usb_drv that rely on the
Input::Root_component support the dynamic re-opening of sessions. This
happens in particular when using a dynamically configured input filter.
2017-10-05 17:40:03 +02:00
Josef Söntgen
e1ada57bfa vfs: use unsigned 64bit for media size ioctl
Fixes #2523.
2017-10-05 17:40:02 +02:00
Norman Feske
6fcf95d536 terminal: cursor-key handling w/o set key layout
This patch applies the handling of cursor keys, function keys, and page
up/down keys even if no keymap is defined. This is the case when using
the terminal with character events produced by the input filter.
2017-10-05 17:39:59 +02:00
Martin Stein
2633ff8661 alarm: fix information loss due to int-cast
When we have two time values of an unsigned integer type and we create
the difference and want to know wether it is positive or negative within
the same value we loose at least one half of the value range for casting
to signed integers. This was the case in the alarm scheduler when
checking wether an alarm already triggered. Even worse, we casted from
'unsigned long' to 'signed int' which caused further loss on at least
x86_64. Thus, big timeouts like ~0UL falsely triggered directly.

Now, we use an extra boolean value to remember in which period of the
time counter we are and to which period of the time counter the deadline
of an alarm belongs. This boolean switches its value each time the time
counter wraps. This way, we can avoid any casting by checking wether the
current time is of the same period as the deadline of the alarm that we
inspect. If so, the alarm is pending if "current time >= alarm
deadline", otherwise it is pending if "current time < alarm deadline".

Ref #2490
2017-10-05 17:39:56 +02:00
Josef Söntgen
198019edca os: add Gpu driver for Intel Gen8 HD graphics
This commit introduces a experimental 3D driver for Intel Gen8 HD
graphics devices as well as the corresponding Gpu session.

Fixes #2507.
2017-08-30 09:59:57 +02:00
Emery Hemingway
1fce8d0d74 default ahci_drv and part_blk Block sessions to read-only
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.

Fix #2469
2017-08-28 16:49:51 +02:00
Sebastian Sumpf
66db2ee54e libports: Mesa 11.2.2
OpenGL 4.5 with software and i965 rendering back ends.

issue #2488
2017-08-28 16:49:43 +02:00
Norman Feske
cb72784717 os: add template specialization for alpha pixel
The specialization is needed for applying anti-aliased drawing
operations on alpha channels.
2017-08-28 16:49:39 +02:00
Christian Prochaska
b0935ef9b2 VFS: nonblocking interface
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.

For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.

The most important changes are:

- Directories are created and opened with the 'opendir()' function and the
  directory entries are read with the recently introduced 'queue_read()'
  and 'complete_read()' functions.

- Symbolic links are created and opened with the 'openlink()' function and
  the link target is read with the 'queue_read()' and 'complete_read()'
  functions and written with the 'write()' function.

- The 'write()' function does not wait for signals anymore. This can have
  the effect that data written by a VFS library user has not been
  processed by a file system server yet when the library user asks for the
  size of the file or closes it (both done with RPC functions at the file
  system server). For this reason, a user of the VFS library should
  request synchronization before calling 'stat()' or 'close()'. To make
  sure that a file system server has processed all write request packets
  which a client submitted before the synchronization request,
  synchronization is now requested at the file system server with a
  synchronization packet instead of an RPC function. Because of this
  change, the synchronization interface of the VFS library is now split
  into 'queue_sync()' and 'complete_sync()' functions.

Fixes #2399
2017-08-28 16:49:38 +02:00
Martin Stein
b6efa7f6f9 timer connection: fast initial calibration
The calibration of the interpolation parameters was previously only done
periodically every 500 ms. Together with the fact that the parameters
had to be stable for at least 3 calibration steps to enable
interpolation, it took at least 1.5 seconds after establishing a
connection to get microseconds-precise time values.

This is a problem for some drivers that directly start to poll time.
Thus, the timer connection now does a calibration burst as soon as it
switches to the modern mode (the mode with microseconds precision).
During this phase it does several (currently 9) calibration steps
without a delay inbetween. It is assumed that this is fast enough to not
get interrupted by scheduling. Thus, despite being small, the measured
values should be very stable which is why the burst should in most cases
be sufficient to get the interpolation initialized.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Norman Feske
0b580628cf file system: track content via version counter
This makes the delivery of CONTENT_CHANGED responses more robust.
2017-08-17 10:59:43 +02:00
Christian Prochaska
6a43f3c11a file system: use Id_space instead of Node_handle_registry
Fixes #2436
2017-08-17 10:59:43 +02:00
Christian Helmuth
78f1fd29f7 Translate buffer-exceeded exception in Session_requester
Session_requester inherits from Dynamic_rom_session::Content_producer
which specifies the Buffer_capacity_exceeded exception which is thrown
on insufficient buffer space.
2017-06-29 12:00:03 +02:00
Martin Stein
9b1c26ab7f timeout lib: dynamic interpolation-factor shift
In the timeout framework, we maintain a translation factor value to
translate between time and timestamps. To raise precision we scale-up
the factor when we calculate it and scale-down the result of its
appliance later again. This up and down scaling is achieved through
left and right shifting. Until now, the shift width was statically
choosen. However, some platforms need a big shift width and others a
smaller one. The one static shift width couldn't cover all platforms
which caused overflows or precision problems.

Now, the shift width is choosen optimally for the actual translation
factor each time it gets re-calculated. This way, we can take care that
the shift always renders the best precision level without the risk for
overflows.

Ref #2400
2017-06-29 11:59:54 +02:00
Josef Söntgen
8f577e9d25 usb: use if-else in packet_handler
Apparently this construct leads to a compiler errors like

  error: second operand to the conditional operator is of type ‘void’, but
  the third operand is neither a throw-expression nor of type ‘void’
2017-06-19 12:35:57 +02:00
Emery Hemingway
1eb37fbe22 VFS: move 'sync' from 'File_system' to 'Directory_service'
The the parent 'Directory_service' interface is reachable from
'Vfs_handle', whereas the 'File_system' interface is not.

Fix #2437
Ref #2422
2017-06-12 14:32:07 +02:00
Sebastian Sumpf
c3cf7f3c3a riscv: ISA-1.9.1 and GCC-6.3.0 adaptions
Adds 1.9.1 support to base-hw

Note:
* the kernel timer is not working
* dynamic linking is currently not supported
2017-05-31 13:16:24 +02:00
Stefan Kalkowski
632ef28463 os: removal of deprecated os/config.h (fix #2431) 2017-05-31 13:16:22 +02:00
Emery Hemingway
16be05e530 Optional session label for Rtc connection constructor
Ref #2410
2017-05-31 13:16:22 +02:00
Norman Feske
adb26b5216 API documentation refinements 2017-05-31 13:16:21 +02:00
Christian Prochaska
16deaa9a72 timed_semaphore: fix deprecated warning
Fixes #2429
2017-05-31 13:16:19 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
71efb59873 terminal: add Cell_array destructor
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
2017-05-31 13:16:12 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Stefan Kalkowski
9b350e7706 os: move private declarations to driver target
Ref #2403
2017-05-31 13:16:09 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Stefan Kalkowski
6106e64aac base: remove include/spec/* other than ISA
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.

This work is a step in the direction of reducing 'SPEC' identifiers overall.

Ref #2403
2017-05-31 13:16:01 +02:00
Christian Helmuth
1d99e7ede9 base: classify signals as I/O and application level
Fixes #2363
2017-05-31 13:15:58 +02:00
Norman Feske
9a6c194432 init: fix constness-related warnings by gcc 6.3
Fixes #2374
2017-05-31 13:15:57 +02:00
Christian Prochaska
52411c9017 terminal: add support for 'ESC[m' sequence
Fixes #2392
2017-05-31 13:15:51 +02:00
Christian Helmuth
e49bb4943e Deprecate policy constructor with implicit config
because it uses the deprecated config library.

Issue #1987
2017-05-02 15:29:02 +02:00
Christian Helmuth
19703e6617 Remove deprecated Attached_mmio constructor 2017-03-24 16:20:01 +01:00
Norman Feske
f6c494497b os: remove stale xev_track.h header
This is a follow-up commit to "Remove app/xvfb and lib/xev_track".

Issue #1987
2017-03-24 16:19:57 +01:00
Norman Feske
b3e5357cf1 Adaptation to init refactoring
Since init no longer provides public headers, we have to adjust the
existing users of this headers. The 'init/child_config.h' is used only
by GDB monitor. So the patch moves the header there as an interim fix.
The 'init/child_policy.h' is still used by a few components, so we have
to keep a trimmed-down version of it for now.
2017-03-24 16:19:56 +01:00
Norman Feske
1cf830497a init: refactoring into multiple files
This patch splits the implementation of init into several headers to
make the implementation easier to digest and to maintain.
2017-03-24 16:19:56 +01:00
Norman Feske
9dca1503a8 init: apply changes of <provides> nodes
This patch enables init to apply changes of any server's <provides>
declarations in a differential way. Servers can in principle be extended
by new services without re-starting them. Of course, changes of the
<provides> declarations may affect clients or would-be clients as this
information is taken into account for the session routing.
2017-03-24 16:19:56 +01:00
Norman Feske
8d4fb288d9 init: add version attribute to start nodes
The optional 'version' attribute allows for the forced restart of a
child with an otherwise unmodified start node. The specified value is
also reflected in the state report.
2017-03-24 16:19:56 +01:00
Norman Feske
fcf25c22d1 init: respond to binary-name changes
This patch covers the resolution of the ROM route for child binaries
via the generic label-rewriting mechanics. Now, the <binary> node has
become merely sytactic sugar for a route like the following:

<start name="test"/>
  <route>
    <service name="ROM" unscoped_label="test">
      <parent label="test-binary-name"/> </service>
      ...
  </route>
  ...
</start>

A change of the binary name has an effect on the child's ROM route to
the binary and thereby implicitly triggers a child restart due to the
existing re-validation of the routing.
2017-03-24 16:19:55 +01:00
Norman Feske
39e409f756 os: sanity check in Reporter::Xml_generator
With this check in place, one can safely construct an 'Xml_generator'
even if the report is disabled. This relieves the user of the reporter
from the need to distinguish enabled from disabled reports.
2017-03-24 16:19:55 +01:00
Norman Feske
23ad546a88 init: make RAM preservation configurable
This patch improves the accuracy of init's quota-saturation feature
(handing out all slack quota to a child by specifying an overly high RAM
quota for the child) and makes the RAM preserved by init configurable.
The preservation is specified as follows:

! <config>
!   ...
!   <resource name="RAM" preserve="1M"/>
!   ...
! </config>

If not specified, init has a reasonable default of 160K (on 32 bit) and
320K (on 64 bit).
2017-02-28 12:59:30 +01:00
Josef Söntgen
0c7200a0fe gpio: remove env deprecated warnings
And while there, remove usage of Server library.

Issue #2280.
2017-02-28 12:59:30 +01:00
Josef Söntgen
4f8804c334 input/imx53: remove env deprecated warnings
Issue #2280.
2017-02-28 12:59:30 +01:00
Norman Feske
29b8d609c9 Adjust file headers to refer to the AGPLv3 2017-02-28 12:59:29 +01:00
Norman Feske
150c286f0e init: dynamic configuration
This patch lets init apply configuration changes to a running scenario
in a differential way. Children are restarted if any of their session
routes change, new children can be added to a running scenario, or
children can deliberately be removed.

Furthermore, the new version of init is able to propagate configuration
changes (modifications of <config> nodes) to its children without
restarting them.
2017-02-28 12:59:26 +01:00
Norman Feske
a9795c93f9 init: use buffered XML for config 2017-02-28 12:59:26 +01:00
Norman Feske
e4fba26a85 init: Genode::String for unique and binary name
This patch removes the use of C-style string functions from init.
2017-02-28 12:59:26 +01:00
Josef Söntgen
69c48a3626 os: refactor Global_file_system_factory
The global file system factory is now created explicitly and the
global singleton accessor function was removed.

Fixes #2281.
2017-02-28 12:59:23 +01:00
Norman Feske
9cba459958 base: remove Child::heap
This patch improves the accounting for the backing store of
session-state meta data. Originally, the session state used to be
allocated by a child-local heap partition fed from the child's RAM
session. However, whereas this approach was somehow practical from a
runtime's (parent's) point of view, the child component could not count
on the quota in its own RAM session. I.e., if the Child::heap grew at
the parent side, the child's RAM session would magically diminish. This
caused two problems. First, it violates assumptions of components like
init that carefully manage their RAM resources (and giving most of them
away their children). Second, if a child transfers most of its RAM
session quota to another RAM session (like init does), the child's RAM
session may actually not allow the parent's heap to grow, which is a
very difficult error condition to deal with.

In the new version, there is no Child::heap anymore. Instead, session
states are allocated from the runtime's RAM session. In order to let
children pay for these costs, the parent withdraws the local session
costs from the session quota donated from the child when the child
initiates a new session. Hence, in principle, all components on the
route of the session request take a small bite from the session quota to
pay for their local book keeping

Consequently, the session quota that ends up at the server may become
depleted more or less, depending on the route. In the case where the
remaining quota is insufficient for the server, the server responds with
'QUOTA_EXCEEDED'. Since this behavior must generally be expected, this
patch equips the client-side 'Env::session' implementation with the
ability to re-issue session requests with successively growing quota
donations.

For several of core's services (ROM, IO_MEM, IRQ), the default session
quota has now increased by 2 KiB, which should suffice for session
requests to up to 3 hops as is the common case for most run scripts. For
longer routes, the retry mechanism as described above comes into effect.
For the time being, we give a warning whenever the server-side quota
check triggers the retry mechanism. The warning may eventually be
removed at a later stage.
2017-02-28 12:59:23 +01:00
Norman Feske
84fddafda7 init: enable init to report its internal state
This patch equips init with the ability to report its internal state in
the form of a "state" report. This feature can be enabled by placing a
'<report>' node in init's configuration.

The report node accepts the following arguments (with their default
values):

'delay_ms="100"': specifies the number of milliseconds to wait before
  producing a new report. This way, many consecutive state changes -
  like they occur during the startup - do not result in an overly
  large number of reports but are merged into one final report.

'buffer="4K"': the maximum size of the report in bytes. The attribute
  accepts the use of K/M/G as units.

'init_ram="no"': if enabled, the report will contain a '<ram>' node
  with the memory stats of init.

'ids="no"': supplement the children in the report with unique IDs, which
  may be used to infer the lifetime of children accross configuration
  updates in the future;

'requested="no"': if enabled, the report will contain information about
  all session requests initiated by the children.

'provided="no"': if enabled, the report will contain information about
  all sessions provided by all servers.

'session_args="no"': level of detail of the session information
  generated via 'requested' or 'provided'.

'child_ram="no"': if enabled, the report will contain a '<ram>' node
  for each child based on the information obtained from the child's RAM
  session.

Issue #2246
2017-02-28 12:59:22 +01:00
Norman Feske
e17811fb7a cli_monitor: API transition
Issue #1987
2017-02-28 12:59:20 +01:00
Norman Feske
8cb0dc9c16 init: session-label rewriting
This patch enhances init with the support for rewriting session labels
in the target node of a matching session route. For example, a Noux
instance may have the following session route for the "home" file
system:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs"/>
  </service>
  ...
</route>

At the rump_fs file-system server, the label of the file-system session
will appear as "noux -> home". This information may be evaluated by
rump_fs's server-side policy. However, when renaming the noux instance,
we'd need to update this server-side policy.

With the new mechanism, the client's identity can be hidden from the
server. The label could instead represent the role of the client, or a
name of a physical resource. For example, the Noux route could be
changed to this:

<route>
  <service name="File_system" label="home">
    <child name="rump_fs" label="primary_user"/>
  </service>
  ...
</route>

When the rump_fs receives the session request, it is presented with the
label "primary_user". The fact that the client is "noux" is not taken
into account for the server-side policy selection.

Issue #2248
2017-02-28 12:59:20 +01:00
Norman Feske
b1a9addeb6 os/child_policy_dynamic_rom.h: API transition
Issue #1987
2017-02-28 12:59:19 +01:00
Josef Söntgen
15821e32ec nic: remove usage of deprecated env()
This commit includes changes to the Nic::Session_component interface.
We now pass the entire env to the component instead of only ram, rm and
the ep because we need the env to open connections from within the
Session_component implemenation. So far only the cadence_gem driver
needs this, though.

Issue #2280.
2017-02-28 12:59:18 +01:00
Josef Söntgen
3c57a8b3c2 usb_session: pass Region_map explicitly
Issue #2280.
2017-02-28 12:59:17 +01:00
Norman Feske
652f92c9c9 init: 'unscoped_label' session-routing attribute
This patch enhances init with the ability to route individual
environment sessions. Prior this patch, environment sessions could be
routed only by an all-encompassing '<service>' node that would match
both child-initiated and environment sessions.

In contrast to the existing 'label', 'label_prefix', and 'label_suffix'
attributes of '<service>' nodes, which are always scoped with ther name
of the corresponding child, the 'unscoped_label' allows the definition
of routing rules for all session requests, including init's requests for
the child's environment sessions. For example, to route the ROM session
requests for a child's dynamic linker, the following route would match:

<route>
  <service name="ROM" unscoped_label="ld.lib.so"> ... </service>
</route>

Issue #2215
2017-02-27 15:37:49 +01:00
Norman Feske
19868de69a launcher: API transition (deprecated warnings)
Issue #1987
2017-02-27 15:37:49 +01:00
Norman Feske
455bd9396e gems/terminal: support 'CHARACTER' events
This patch adds the handling of 'CHARACTER' events as emitted by the
input-filter's character generator (<chargen>). To avoid interpreting
press/release events twice (at the input filter and by the terminal's
built-in scancode tracker), the terminal's scancode tracker can be
explicitly disabled via <config> <keyboard layout="none"/> </config>.
In the future, the terminal's built-in scancode tracker will be
removed.

The use of the terminal with the input filter is illustrated by the
'terminal_echo.run' script.

Issue #2264
2017-02-27 15:37:49 +01:00
Norman Feske
859d23d92b os: introduce Input::Event::CHARACTER type
Character events are created via a dedicated 'Event' constructor that
takes an 'Event:Utf8' object as argument. Internally, the character is
kept in the '_code' member. The 'Utf8' value can by retrieved by the
recipient via the new 'utf8' method.

Issue #2264
2017-02-23 15:03:29 +01:00
Christian Helmuth
61b6dccf13 Queued read/write/read_ready in VFS and servers 2017-02-23 15:03:28 +01:00
Christian Helmuth
b805e001db Add READ_READY support to file-system session
The read-ready packet informs the server that the client wants to be
notified if a handle becomes readable. When becoming readable, the
server acknowledges packet and the client may queue a read requests
accordingly.
2017-02-23 14:54:51 +01:00
Sebastian Sumpf
aa602032dd vfs: dynamic configuration support 2017-02-23 14:54:48 +01:00
Josef Söntgen
e6e85fce74 os: remove Server from nic/component
Issue #2275.
2017-02-23 14:54:44 +01:00
Christian Helmuth
f9389109bf Support select in libc VFS plugin by read_ready() 2017-02-07 11:12:29 +01:00
Norman Feske
f8349b5bc7 os/slave.h: Remove use of global allocator
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.

Fixes #2269
2017-02-07 11:12:28 +01:00
Christian Helmuth
c0d61858c3 Support for suspendable read in VFS and libC
The support has two parts. First, a VFS plugin now gets passed an
I/O-response handler callback on construction, which informs users of the
VFS that an I/O event occurred. This enables, for example, the libC to
check if blocking read can be completed. Further, the VFS file I/O
interface provides now functions for suspendable reads, i.e.,
queue_read() and complete_read().
2017-02-07 11:12:27 +01:00