This can happen, for example, during 'dlopen' if unresolved symbols are
present.
* Unload already loaded shared libraries
* Delete dependencies
* Flush initializer list (ctors)
fixes#3073
Packets whose data is stored within the Packet_descriptor itself
but not as payload, .e.g Usb::Packet_descriptor, are valid packets
after all. So loosen the packet valid check for zero-sized packets
is reasonable.
Fixes#3076.
'SANITIZE_UNDEFINED = yes' in 'target.mk' adds the '-fsanitize=undefined'
compiler flag and links the program with libubsan and libsanitizer_common.
Issue #3072
This ensures that the depot_autopilot.run script, when exiting, always prints
a result overview of the so far available test results, except the Depot
Autopilot component has managed to print the result overview up to this point.
Unequal numbers of double quotes let the XML parser of init fail,
therefore replace all double quotes when transfering previous
results after a reboot.
Ref #3027
Our overall nightly test time greatly decreases when the timeouts for
the single tests are not that over-pessimistic. Using the slowest
platforms as reference, this commit reduces the test timeouts.
Ref #3027
Call 'tcp_output' if application data has been successfully queued. This
sends data immediately that may otherwise remain queued until the next
periodic TCP timer event.
This reverts a change made in 3e31e2ba53.
Fix#3067
The number of tests to run is the number of test package-archives minus the
the those that are skipped for the given platform. The number is printed
directly after checking if the given platform is supported by the run script.
It helps the surrounding test infrastructure to ensure that, for instance, a
result graph always reflects the same total number of tests, even though there
is a sporadic problem with booting the platform.
This commit addresses several multiprocessing issues in base-hw:
* it reworks cross-cpu maintainance work for TLB invalidation by
introducing a generic Inter_processor_work and removes the so
called Cpu_domain_update
* thereby it solves the cross-cpu thread destruction, when the
corresponding thread is active on another cpu (fix#3043)
* it adds the missing TLB shootdown for x86 (fix#3042)
* on ARM it removes the TLB shootdown via IPIs, because this
is not needed on the multiprocessing ARM platforms we support
* it enables the per-cpu initialization of the kernel's cpu
objects, which means those object initialization is executed
by the proper cpu
* it rollbacks prior decision to make multiprocessing an aspect,
but puts back certain 'smp' mechanisms (like cross-cpu lock)
into the generic code base for simplicity reasons
The Linux emulation library provides preprocessor macros for min() and
max(), which now clash with implementation in duration.h. So, we disable
those macros in the delay implementation.
FreeBSD implements 'clock' with an accuracy of 128 ticks-per-second for
compatibility reasons, Linux uses 1000000 per-second. Remove 'clock' and
print an error because it is unlikely that this is the resolution
expected by the application.
Fix#3057
For reading the MAC address we try first to read it from the <policy> tag, and
when it is not defined in the <policy> tag, we allocate a MAC. But there was
no handling of the case that there is no appropriate <policy> tag. In this
case we want to create the session with an allocated MAC also.
Due to the changing environment this test is executed (like depot_autopilot)
the binary test-rm_fault used to check ROM dataspace's read-only property
does not suit anymore. This commit changes the binary to ld.lib.so that is
normally still provided as a ROM dataspace.
Ref #3027
The test for python requires x86 to be built. Therefore, there is no test
binary available when trying to execute that test on ARM with depot_autopilot.
This patch constraints the window size of the generated layout to the
minimum of the client's real window size and the wanted window size
(both may differ when resizing or maximizing windows).
This patch improves the handing of new appearing windows for which only
a wildcard assignment - but no exact assignment - rule exists. In the
prior version, an interactively raised window would stay in front of
such a window, which is unintuitive. The new version applies the
to-front mechanism to unknown new windows. For known new windows (with
an exact assignment rule) their original stacking position is preserved.
This patch solves an off-by-one problem in the window-size calculation,
which resulted in sporadic artificial resize requests. In Sculpt, this
glitch caused flickering artifacts in VirtualBox windows caused by
superfluous guest desktop-resize handling.
Furthermore, the patch introduces the dropping of resize requests with
unchanged content.
The commented-out <start> nodes are prone to become inconsistent with
the launchers. Hence, this patch removes them. Start nodes should better
be added by the '+' menu, at least initially.
Furthermore, the patch directs requests for the vfs.lib.so ROM to core's
ROM service to reduce the impact of low-level ABI changes (i.e., the
packet-stream layout) on existing vfs/libc-based packages.
This patch makes init robust against invalid routing rules that lack a
name attribute in the '<service>' node. This situation may occur when
interactively editing routes in Sculpt.
Return a value in the same width as provided by the caller of sysctl for
PHYSMEM and USERMEM. This is to ensure that if a caller provides a
64-bit integer, a 64-bit value will be returned for 32-bit machines.
issue #3060
Some application code is dereferencing the pointer returned by
'packet_content' at packet streams without checking that it is valid.
Throw an exception rather than return a null pointer, except for
zero-length packets, which have somewhat implicit invalid content and
that we believe to be properly handled in all current cases.
The client-side of a packet stream cannot take corrective action if the
server-side is sending packets with invalid content, but the servers
that provide packet streams should catch this exception to detect
misbehaving clients.
Ref #3059
This enables Qt5 applications to set a Genode label via 'setWindowTitle'
from within Qt5 applications, and thus, making them identifiable to
other Genode components, like a layout manager.
fixes#3046
The recall file system is a place where components can remember state.
E.g., to allow the window layouter to recall the window layout of the
previous session.
In a corner case, the toggling of the popup menu entered a state
where the menu could not be opened anymore by the user. Specifically
the following input sequence triggered this problem.
1. The user opens the menu
2. The user clicks on the menu and holds the button
3. While holding the button, the user moves the pointer to the
outside of the popup (e.g., to the '+' button)
4. The user releases the button.
In this situation, the popup is closed but the hover information for the
popup contains still the original clicked-on item. Hence, all subsequent
clicks on the '+' appear as both a click on the '+' (opening the popup)
and a click on the "hovered" popup entry (closing the popup).
The patch explicitely clears the popup's hover information when closing
the popup.
Change the root of a session request into an explicit path and apply the
label-to-path conversion using the "path_prefix" policy attribute. This
is in addition to only applying a root change with a "path" attribute.
Ref #3031Fix#3056
The bulk buffer is now 64Byte-aligned so that the allocated
packets get aligned likewise (assumed the packet allocator uses an
appropriately aligned block size). This ensures that each packet
starts at a new cache line on common platforms.
Issue #3053
Move the libc-i386, libc-amd64, and libc-arm include directories into
the standard "include/spec" directory. This allows the platform specific
headers in the libc API package to be detected in a generic manner.
Ref #3051
The pthread API is considered a standard feature of libc so better to
simply merge it with the libc. Pthreads are in fact already a part of
the libc in the form of weak symbols. This merger is also a prerequisite
for better integrating pthreads with the libc I/O task.
Fix#3054
Print a line like "succeeded: 35 failed: 11 skipped: 2" below the list of test
results. Adds further attributes to <previous-results> to communicate also the
previous statistics.
This commit moves the window layouter and window decorator into
dedicated packages that can now be combined with the "wm" server at
runtime and restarted/reconfigured/swapped-out independently.
To use the window manager, one must start the 'wm', 'window_layouter',
and one of the 'motif_decorator' or 'themed_decorator' subsystems.
Fixes#3024
When doing the libc_getenv test on autopilot+foc+x86 and one of the
subsequent tests crashes the system so it gets rebooted by the run
script, the system doesn't come up again. It gets stuck after core
initialization.
Issue #3027
The PDF viewer can crash under a number of conditions due to changes to
the internal framebuffer model that were made to support mouse wheel
panning. These changes are reverted until the model can be reimplemented
to explicitly support page panning.
Fix#3021
This patch improves the detection of new appearing top-most windows.
Such a window should prompt the decorator to bring the corresponding
nitpicker view(s) to the front of the view stack. The original
implementation relied on hints provided by the layouter (the 'topped'
attribute). With the patch, the decorator tracks the top-most window by
itself, which improves the robustness.
As a second improvement, the patch defers the destruction of windows to
the point when all other window operations are completed. This hides
intermediate states when replacing one window by another in one step,
which is typical for console-like scenarios. Hence, this patch should
eliminate flickering artifacts when switching from one virtual console
to another.
Issue #3031
This commit replaces the former floating_window_layouter with a new
window_layouter component that supports the subdivision of screen space
into columns and rows, the concept of layers, and the principle ability
to store window layout information across reboots. The latter is
accomplished by reflecting the component's internal state as a 'rules'
report to the outside.
Fixes#3031
* In base-foc/recipes/src/ replace base-foc with base-foc-pc
* To base-foc/recipes/src add base-foc-arndale, base-foc-pbxa9
* Ensure that the correct base-foc recipe is choosen by the run module
'boot_dir/foc'
* To base-hw/recipes/src add base-hw-arndale, base-hw-imx53_qsb,
base-hw-imx53_qsb_tz, base-hw-odroid_xu, base-hw-panda, base-hw-rpi,
base-hw-wand_quad
* Ensure that the correct base-hw recipe is choosen by the run module
'boot_dir/hw'
This patch fixes the following build problem that occurs on recent
GNU/Linux systems:
/usr/include/x86_64-linux-gnu/sys/cdefs.h:307:0: error: "__always_inline" redefined
...
/usr/include/linux/stddef.h:5:0: note: this is the location of the previous definition
The code in 'cdefs.h' does not check if the '__always_inline' is already
defined. The patch works around the problem by including the 'sys/cdefs.h'
first.
For being able to build the tests via source archives, the 'base'
library must be denoted as dependency explicitely in their 'target.mk' file.
This is because when building archives, the API dependencies of used APIs are
not taken into account.
Use the Timer session duration for CLOCK_MONOTONIC and CLOCK_UPTIME.
Use the Genode::Duration object for passing internal time, it supports
sub-millisecond time and helps disambiguate units of time.
Fix#3018
Block and loop until application writes are sent or buffered in their
entirety. Do not call "tcp_output" directly, LwIP calls this procedure
internally and calling it again appears to disrupt the LwIP TCP state
machine.
Fix#3017
Move button-event reporting behind pointer-position update.
This is just a quickfix to restore correct pointer emulation with
dde_linux usb_drv. It does not change usb_hid_drv because the approach
is a questionable workaround of the current input event handling, which
reports events promptly on occurrence of inputs events and ignores
synchronization events completely. The original contrib code reported
the button press before absolute x and y positioning followed by a sync
event.
Issue #3019
This component allows access to Terminal sessions via interactive SSH
sessions. Please read _repos/gems/src/server/ssh_terminal/README_ for
more detailed information.
Fixes#3014.
This fixes the region-map component implementation in core, which uses a
'Genode::Weak_ptr<Genode::Region_map_component> _faulting_region_map'
member. This member is assigned a valid weak_ptr or an invalid weak_ptr
according to the state machine.
Fixes#3012
The new 'conditional' method simplifies the typical use case for
'Constructible' objects where the constructed/destructed state depends
on a configuration parameter. The method alleviates the need to
re-implement the logic again and again.
The patch also removes the 'Reconstructible' constructor arguments
because they are unused.
Fixes#3006
* Account all RAM/CAP quota of a session except quota for metadata used in
core. The latter is considered when asking if a session can afford to make
an operation but it does not get accounted to always be able to pay back all
quota when a session closes. The general accounting mechanism is moved from
atop of the allocators down to the level of RAM/RM session operations.
* report statistics about session objects and quota if <report stats="yes"
quota="yes"/> is configured. (default is yes if <report> is present)
Issue #2953
Like suggested by RFC 2663, reprogram the dissolve timeout of a TCP link
state to 2 times the maximum segment lifetime (by default 1 minute) when
receiving a matching packet with the FIN flag set, or with the ACK flag
set to acknowledge a FIN of the remote side.
Mark a link state as closed (no further reprogramming of the dissolve
timeout) and set the dissolve timeout to 2 times the maximum segment
lifetime when receiving a packet with the RESET flag set.
Issue #2953
If the NIC router has insufficient CAP or RAM quota for the creation of
a state object for an interface, it tries to destroy a certain amount of
existing state objects of this interface to free resources. Afterwards,
it retries handling the current packet once. If it does fail again, the
router drops the packet.
Issue #2953
Ensure that a '\0' always appears at the end of the ouput of the XML
generator. Previously, exceptions during the Node(...) constructor
might have prevented this. This commit also extends the xml_generator
test to drive a harder test on exceptions in the Xml_generator.
Issue #2953
When the functor provided to the Node constructor throws an exception,
do revert all changes in reverse order. Previously, the changes made
to the parent node were not considered by the exception handler which
caused unnecessary characters to remain in the out buffer for each
reverted node.
Issue #2953
Switch to kernel branch, that determines the available system memory during
boot time. The overall kernel memory is still static, but during boot time
dynamically the amount can be chosen. Following 3 config option exists:
CONFIG_MEMORY_BOOT is the amount of kernel memory allocated in the BSS
statically - effectively chosen during link time - see linker script.
CONFIG_MEMORY_DYN_MIN && CONFIG_MEMORY_DYN_PER_MILL configures the dynamic
part of the kernel memory allocation applied during early kernel boot time.
CONFIG_MEMORY_DYN_MIN is the amount of memory which should be allocated at
least. CONFIG_MEMORY_DYN_PER_MILL defines the amount of the system memory in
per mill which should be allocated at most. The overall maximum kernel memory
is restricted to ~1G (64bit), due to the chosen internal virtual memory layout.
Fixes#2985
On some machines, both the AHCI and NVMe drivers are started within the
[drivers -> dynamic] subsystem. This ultimately exhausted the RAM quota
of this subsystem.
Issue #2987
This patch introduces the distinction of the manually managed
config/deploy from the managed config/managed/deploy. The latter
incorporates interactive changes of the system by the user. There are
two user interactions supported.
First, by clicking on the '+' button at the top-left of the runtime
view, the user can select a component to launch. All launchers at
config/launcher/ are listed in the popup menu. Each launcher can be
lauched only once. While running, is not available in the popup
menu.
Second, when selecting a node that corresponds to a start node in
config/deploy or that was interactively launched, the detailed view
shows a 'remove' button, which can be used to exclude the component
from the deployment.
The result of the interactive manipulation is always available at
config/managed/deploy. Hence, the current situation can be made
persistent by using it as config/deploy.
Fixes#2986
The tasklet_schedule implementation was missing the unblock call, which
was no problem in the past because the correspending task would get un-
blocked by other work items. Now that every workqueue has its own task,
there is nobody left to unblock the task and thereby execute the
tasklet. As a tasklet is the only way to transmit any pending frames
after transmission was temporarily suspended - because the device/fw
was not able to process the TX request - this rendered 6xxx devices
unusable whenever this situation occurred.
Fixes#2973.
The Arora main thread sometimes blocks on a pthread condition variable,
which prevents Genode signal processing with the current implementation.
This is especially a problem when the thread who could unblock the main
thread calls 'Libc::suspend()'.
As a workaround until the pthread locking mechanisms get adapted to the
Genode libc execution model, the Arora main function can be called from
a dedicated thread.
Fixes#2978
Close the stdin, stdout, and stderr I/O channels at child exit. This
serves to flush buffers at the I/O resources which might not be written
otherwise.
Ref #2919
The VFS LwIP plugin is page-faulting on connect error because the LwIP
library frees a failed TCP protocol control block before calling the
error callback, and then the VFS plugin dereferences the PCB to free it
a second time. This problem was caused by a failure to follow
documentation during a transition from a C callback to a C++ method.
Fix#2972
1) The loop for determining the line length read from a character offset
before checking whether the offset is smaller than the given string
length. This could have caused access outside the string buffer.
2) The routine for determining the line length first seeked for the
offset of the last real character of the line and than added one for
getting the length but only if the following character was '\n'. This
has to be done for any other line-terminating character too. The only
case where you don't want to do this is when the end of the whole
string is reached.
Issue #2967
When 'notify_read_ready()' is called during 'select()' and fails,
suspending can cause a deadlock when the libc IO response handler becomes
active and calls 'select_notify()', which tries to acquire the
'select callback list lock', which is already acquired by the suspended
'select()' call.
It seems possible to ignore a failed 'notify_read_ready()' call instead of
suspending. When the VFS plugin calls the IO handler later when the
notification request can be processed, the 'select_notify()' call of the
libc IO response handler will eventually call 'notify_read_ready()' again.
Fixes#2970
Implement the passwd database subroutines with single-user database.
This database is populated with a <passwd/> sub-node of the libc
configuration node. All fields of the "passwd" struct may be specified
with reasonable defaults provided for a "root" user. This allows a
libc-based component to spoof user information for the sake of porting
existing Unix software.
A test is provided at run/libc_getpwent.
Fix#2919
GNU tar interprets the passed time value in local time by default, which
lead to unstable hashes again. So, now provide a complete date/time
value incl. time zone.
Related to #2842
The VFS server does not support file-system with one single-file plugin
providing the root. This is because the "leaf_path" is not universally
implemented to handle the path "/". This fix is simply to skip a
"leaf_path" check when opening the path "/".
Ref #2919
Rather than removing the source files during the port preration, which
breaks preparing the port anew, they are now removed while creating
the src archive.
Fixes#2959.
This patch unifies the handling of on-demand resource upgrades among
ram_fs and depot_rom, and applies the new pattern to the runtime view.
This way, runtime view becomes able to accommodate more complex
scenarios.
There is a bug in the LwIP VFS plugin, the chained buffers used by Lwip
use sizes expressed in sixteen bits, and under conditions such as a read
of 1<<16 the higher bits are lost and the plugin performs a zero length
read, and the application interprets this as a closed connection.
Fix#2947
Since we use the git repo by now remove all unnecessary ballast like
unused code and the git history. The will bring down the wifi_drv's
src archive to reasonable size again.
This patch enables the user to click on a component in the runtime view
to reveal more information such as the used/assigned RAM/caps and
secondary dependencies.
This patch adds a graph of the current runtime state to the
leitzentrale. The topology of the graph depends on the first routing
rule of each component. For this reason, the patch re-orders routing
policies to make the most important route the first in the list.
The user can switch between the runtime view and the inspect window
by clicking on the corresponding menu dialogs. E.g., a click on the
storage dialog reveals the inspect window.
The PS/2 driver retries to get mouse-reset results for 700 ms, sleeping
after each attempt for 10 ms. So, the driver needs a Timer session now.
Fixes#2713
The most important route of each launcher is at the top of routes and
will be used to layout the graph topology of the runtime view.
By caching the state reports generated by the runtime init, the sculpt
manager becomes able to quickly check for the presence of components. So
we can apply routing-dependency checks not only prior starting
components but also while components are running.
Fixes#2938Fixes#2912
This patch fixes a problem in the non-const 'for_each' method of the
'Registry' data structure. If an exception was thrown from within the
functor of the 'for_each' operation, the not yet processed items of the
registry were dropped from the registry, which is not expected.
This patch addresses two problems: By guarding the buffer allocation in
a nested class, an exception in the body of the 'File_content'
constructor reverts the allocation. Second, if the file has no content
no allocation should be performed. The previous version wrongly passed
a size of zero to the allocator in this case.
This patch addresses a situation where _process_packets was called as a
side effect of watch notification (that was processed during an unlink
RPC operation). This scenario (triggered by the fs_query test)
ultimately ended up in a deadlock. Io/watch reponse handlers should
never re-enter the application logic.
The new base/xsd/config.inc defines generic XSD types such as 'Boolean' or
'Session_label'. It can be included in config XSD files by using:
! <xs:include schemaLocation="file://${GENODE_CONFIG_INC}"/>
The string ${GENODE_CONFIG_INC} is replaced by the run tool with the
above mentionened file path.
Issue #2897
Seen on X250
Description from https://www.win.tue.nl/~aeb/linux/kbd/scancodes-1.html
The ten grey keys Insert, Home, PgUp, Delete, End, PgDn, Up, Left,
Down, Right are supposed to function regardless of the state of Shift
and NumLock keys. But for an old AT keyboard the keypad keys would
produce digits when Numlock was on or Shift was down. Therefore, in
order to fool old programs, fake scancodes are sent: when LShift is
down, and Insert is pressed, e0 aa e0 52 is sent; upon release of
Insert e0 d2 e0 2a is sent. In other words, a fake LShift-up and fake
LShift-down are inserted.
Fixes#2888
The 'Report' route was missing. The commit also removes superfluous
routing rules for IO_PORT, IRQ, and IO_MEM that are captured by the
subsequenting wildcard anyway.
Issue #2909
The COW plugin provided only partial copy-on-write semantics and had
problems detecting recursive requests. Conversely, the import plugin has
much simpler behavior that is easy to test because it mirrors that of
the ram_fs server.
Ref #2745
LwIP skips a packet copy by wrapping Nic stream buffer regions in LwIP
pbuf objects. Move from a fixed size array to a potentially unbounded
slab allocator for managing this buffer metadata.
Ref #2335
A 'QThread' can be reused when its execution is finished by calling
'QThread::start()' again. Before this commit, this created a new Genode
thread, but did not destroy a previously finished Genode thread first.
Fixes#2928
Add additional parsing modes to the sequence decoder to detect and
discard unhandled sequences for ECMA-48, DEC private, and Xterm.
Add new behavior for cursor movement, cursor hiding, character deletion,
and line-wrapping.
Fix#2923
The libc sockets implementation already syncs socket control files after
writes, so sync errors will induce failures for operations such as
"connect".
Fix#2920
This patch reintroduces the LwIP stack to libc as a VFS plugin
implementing the socket_fs interface. Rather than use LwIP's socket
emulation layer this plugin interfaces directly to LwIP raw API and is
single threaded.
The internal TCP parameters of the stack are untuned.
Fix#2050Fix#2335
A timer should set itslef not pending before calling the timout handler.
This is important for timeout handler that program the timeout again.
issue #2910
When the cached_fs_rom saturates the packet stream of its File_system
session it will call the session request handler recursively as pending
transfers are completed. This is bad because the content of the XML node
currently being processed will change.
The session request handler can no longer be called directly, but the
"schedule" method will submit a signal to the request handler, and
requests will be processed after the current operation has completed.
By adding a sanity check for the validity of the PD session targeted by
a transfer_quota operation, the corner case of an incomplete PD session
of a child can no longer trigger an 'Invalid_session' exception.
Calling 'handle_io_response()' in a regular VFS function (in contrast to a
post-signal hook) can cause problems if the caller of the VFS function holds
a lock which prevents the io response handler from returning.
With this commit, the user of the VFS becomes responsible for unblocking
threads which might be blocking after a failed 'queue_read()', 'queue_sync()'
or 'write()' call.
Fixes#2896
This new vfs_import plugin allows a VFS instance to be populated during
construction using a sub-VFS configured in an '<import>' configuration
node. This allows the ram_fs File_system server to be replaced by the
VFS server by reimplementing the ram_fs 'content' feature. At the
moment the copying of symlinks is not enabled, and the resources
obtained by the import file-system may not be freed after the import is
finished.
Fix#2906
