This change of the inner working of the platform driver for ARM allows
clients to have permanent open sessions, as long as a policy node matches
the client. If devices disappear from the policy resp. from the set of
available devices (hotplug), the devices ROM of the session gets updated,
and a corresponding device session gets closed. If the device remains
untouched in the configuration but other devices appeared/disappeared, the
device session is not affected.
Ref #4330
* Only give managing_system permission when all parent nodes of the
corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core
Fix#4335
* Track all caps and ram quotas of the sub-sessions properly
* Release DMA buffers, it is not done implicitely when destroying
the Constrained_ram_allocator
* Do not replenish quota before really releasing memory from
the allocator
Issue #4330
The Session_component must be destroyed before updating the device
model because the Session_component must also release all previously
acquired devices. If the device model is updated before, the devices
might have been removed.
Issue #4330
Pre-allocate all possible type of policy objects as part of the thread meta
state to avoid increased memory consumption due to different policy object
sizes. The cpu_balancer accounts the memory per client and can't forward
potentially occurring out-of-ram exceptions during config-ROM update phases.
Fixes#4333
The commits avoids reading in and allocating memory for all potentially
threads, which are potentially currently not existent (but configured in the
policy beforehand). Instead the policy is read in and evaluated when a thread
is created and policy changes are solely applied to existing/running threads.
By this the commit avoids the increase of memory consumption during the
evaluation of policies during config ROM updates.
Issue #4333
This implements the necessary bits to provide 2D framebuffer support on
top of VirtIO GPU device as implemented in Qemu. I don't know if any
other implementation of this specific device exists.
Compared to the ramfb driver which already exists in Genode Virtio FB driver
has one major benefit. It allows Qemu window to be dynamically resized at
runtime. The driver will treat this as resolution change and act accordingly.
Ramfb driver can currently only use the hardcoded 1024x768 screen size. Changing
screen resolution might not sound like a big deal, but it is rather useful to
run Genode on Qemu in full screen mode.
Some more advanced devices like VirtIO GPU do expect they can receive
responses to VirtIO commands they issue via VirtIO queue. Such responses
are not sent via a separate device writeable queue. Instead the driver
is expected to queue some additional descriptors and buffers which the
device can then use to provide the reply.
This patch adds support for such write-data-read-response opeartion to
Genode VirtIO::Queue implementation. The implementation is pretty simple
and does not support any fancy features like receiving the response
asynchronously. Instead the operation will use caller provided callback
to wait for the device to process the command. Once this callback
returns the write-data-read-response VirtIO::Queue function will invoke
another callback passing received response as argument.
Mesa queries information about the underlying device and this header
denotes the layout of the information. It is also used by the driver
itself to populate the 'info_dataspace'.
Issue #4329.
This filter bridges the gap between a touchscreen driver, which
generates raw touch events and traditional GUI applications that expect
a pointer (absolute motion, press/release of the left mouse button).
Fixes#4332
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.
To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.
Issue #4324
Since the top-level node of the output ROM is always generated by the
rom_filter, there is no way to pass-through the content of an input ROM
without wrapping in an addition XML node.
genodelabs/genode#4326
This patch makes the test less dependent on the rate of state updates by
calculating the upgraded quota from the values found in the state report
instead of simply increasing the '_ram_quota' for each incoming report.
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.
Issue #4322
Issue #3612
The new interfaces are meant to gradually replace the existing
Gpio_session interface.
- Each session refers to a single pin.
- The session types distiguish the direction of the signal as input or
output.
- Pin coordinates can be selected via session labels.
- GPIO interrupts are covered by the regular IRQ session interface.
The interfaces are accompanied by framework utilities and interfaces:
- os/pin_driver.h
- pin_control_session/component.h
- pin_state_session/component.h
These headers relieve GPIO drivers from implementing boilerplate code by
providing device-agnostic portions. The A64 pio driver serves as
reference for using those utilities.
https://github.com/nfeske/genode-allwinner/tree/master/src/drivers/pin/a64Fixes#4315
Accidentally, the size of IOMEM dataspace got accounted within the
implementation of the platform driver for ARM. Instead we should
only account a bit for the metadata and paging of the I/O memory.
Fix#4307
The custom ack avail handler is required for zero-copy nic drivers (e.g.
the zynq nic driver), which must release the corresponding DMA buffers.
Fixesgenodelabs/genode#4277
This component can service Qemu VirtIO mouse, keyboard and tablet
devices. The implementation is based on VirtIO 1.1 device spec. Its
described in section 5.8 "Input Device".
Issue #4282
- CPU-architecture annotations
- Change order of top-level menu, moving Mesa driver to the end
- Add black_hole, recall_fs, file_fault
- Add usb_webcam, test-capture
- Add audio driver and mixer
- Add vbox6, keeping vbox5-nova-sculpt as fallback
- Remove recall_fs launcher, which is obsolete with the recall_fs pkg
- Replace system_clock by system_clock-pc pkg
Issue #4281
This patch extends the notion of having only one uniquely hovered client
in the presence of held keys.
If motion occurs once a key is pressed (e.g., while dragging), the
receiver of the key sequence observes the motion events. In this case,
we have to submit an artificial leave event to the originally hovered
client so that no more than one client observes itself as being hovered
at the same time. Once the key sequence is finished, the hovering is
updated again, eventually presenting a motion event to the originally
hovered client and a leave event to the receiver of the key sequence.
Issue #4176
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.
By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.
Issue #3767
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.
This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.
Fixes#4284.
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.
On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.
Issue #4284.
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.
Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.
This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.
Issue #4284.
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.
Issue #4274
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.
genodelabs/genode#4267
This patch introduces a C API to be used by input drivers to generate
Genode events. The initial version is limited to multitouch events only.
Fixes#4273
The former implementation did not internally track ROM changes notified
vs. delivered to the client. We adapt the versioning implementation
implemented in dynamic_rom_session.h and enable explicit notification of
the current version.
The feature is used by the clipboard to notify permitted readers of the
clipboard ROM service on focus change via the newly created private
Rom::Module::_notify_permitted_readers() function.
Fixes#4274
The various mapping methods are modelled after the requirements of
the Intel GPUs or rather the Mesa driver back end.
With upcoming support for other driver back ends, we need to
sequeeze their requirements in as well. For now hijack 'map_buffer'
to provide for specifying the kind of attributes the client needs.
For now all buffers mapped in the GGTT for Intel GPUs are treated
as RW.
Issue #4265.
This call allows for checking if the given execution buffer has been
completed and complements the completion signal. Initially the GPU
multiplexer always sent such a signal when the currently scheduled
execution buffer has been completed. During enablement of the 'iris'
driver it became necessary to properly check of sequence number.
In case of the Intel GPU multiplexer the sequence numbers are
continous, which prompted the greater-than-or-equal check in the
DRM back end. By hidding this implementation detail behind the
interface, GPU drivers are free to deal with sequence numbers any
way they like and allows for polling in the client, where the
completion signal is now more of a progress signal.
Issue #4265.
The current info implementation (as RPC) is limited in a few ways:
* The amount of data that may be transferred is constrained by the
underlying base platform
* Most information never changes during run time but is copied
nonetheless
* The information differs depending on the used GPU device and
in its current implementation only contains Intel GPU specific
details
With this commit the 'info' RPC call is replaced with the
'info_dataspace' call that transfers the capability for the dataspace
containing the information only. This is complemented by a client
local 'attached_info' call that allows for getting typed access to
the information. The layout of the information is moved to its own
and GPU-specific header file, e.g., 'gpu/info_intel.h'
Issue #4265.
Rather than using the dataspace capability directly, let the client
choose its own local identifier that is linked to the underlying
capability.
Fixes#4265.
Right now the warning about failure to forward packet from driver to
uplink RX connection reads:
"exception while trying to forward packet from driverto Uplink
connection TX"
Add missing space between "driver" and "to".
Issue #4264
32KB is a rather small value. The driver can cope with it now, but
it does not perform as well as it should. This visible especially
in scenarions like nic_router_flood where we still often hit
synchronous wait path. Bump the size to 256kB.
Issue #4264
The problem can be seen when running nic_router_flood scenarion on arm
qemu_virt boards. With the amount of data this scenario tries to send
the driver quickly complains it has failed to push data into TX VirtIO
queue. After this warning message is printed nothing really happens and
after a while the test scenario fails.
The fact that we can't write all available data to the device is not
unexpected. VirtIO queue size is slected at initialization time and we
don't change it during driver lifetime. It can be tweaked via driver
config, but this does not change the fact that we'll always be able to
produce more data packets than we have free space in the VirtIO queue.
IMO the expected behavior of the driver in such case should be to:
1. Notify the device there is data to process.
2. Wait for the device to process at least part of it.
3. Retry sending queued packets.
One could expect returning Transmit_result::RETRY from _drv_transmit_pkt
would produce such result. Unfortunately it seems that Uplink_client_base
treats RETRY return value as indication of link being down. It'll retry
sending the packet only after the device notifies it the link is once
again up. This is the reason why nothing happens when running
nic_router_flood on top of virtio_nic driver. The link never goes down
in this case so once we fill the TX VirtIO queue and tell the base class
to retry the send, we'll be stuck waiting for link up change event
which will never arrive.
To fix this problem, when sending a packet to the device fails, do a
synchrnonus TX VirtIO queue flush (tell device there is data to process
and wait until its done with it).
With this fix in place nic_router_flood test scenario passes on both arm
qemu_virt boards.
Issue #4264
The contents of those descriptor rings can be modified by the device.
Mark them as volatile so the compiler does not make any assumptions
about them.
Issue #4264
This commit contains features and buf fixes:
* Catch errors during resource allocation
* Because Mesa tries to allocate fence (hardware) registers for each
batch buffer execution, do not allocate new fences for buffer objects
that are already fenced
* Add support for global hardware status page. Each context additionally
has a per-process hardware status page, which we used to set the
global hardware status page during Vgpu switch. This was obviously
wrong. There is only one global hardware status page (set once during
initialization) and a distinct per-process page for contexts.
* Write the sequence number of the currently executing batch buffer to
dword 52 of the per-process hardware status page. We use the pipe line
command with QW_WRITE (quad word write), GLOBAL_GTT_IVB disabled
(address space is per-process address space), and STORE_DATA_INDEX
enabled (write goes to offset of hardware status page). This command
used to write to the scratch page. But Linux now uses the first
reserved word of the per-process hardware status page.
* Add Gen9+ WaEnableGapsTsvCreditFix workaround. This sets the "GAPS TSV
Credit fix Enable" bit of the Arbiter control register (GARBCNTLREG)
as described by the documentation this bit should be set by the BIOS
but is not on most Gen9/9.5 platforms. Not setting this bit leads to
random GPU hangs.
* Increase the context size from 20 to 22 pages for Gen9. On Gen8 the
hardware context is 20 pages (1 hardware status page + 19 ring context
register pages). On Gen9 the size of the ring context registers has
increased by two pages to 21 pages or 81.3125 KBytes as the IGD
documentation states.
* The logical ring size in the ring buffer control of the execlist
context has to be programmed with number of pages - 1. So 0 is 1 page.
We programmed the actual number of pages before, leading to ring
buffer execution of NOOPs if page behind our ring buffer was empty or
GPU hangs if there was data on the page.
issue #4260
Increased number of trace subjects since the test sporadically fails on
some platforms.
Also added a sanity check to print an error message in case we run into
the same issue again.
Fixesgenodelabs/genode#4261
The NIC router parses, stores and forwards DNS domain names from DHCP replies.
Yet the routers DHCP client used to not request DNS domain-name information on
DHCP requests. This caused DHCP servers to skip this information on their
replies although it was available. This commit fixes the issue by adding the
DNS domain name code to the request parameter list of requests from the routers
DHCP client.
The 'black_hole' component provides dummy implementations of common
session interfaces.
At this time, only the 'Audio_out' session is provided if enabled
in the configuration of the component:
<config>
<audio_out/>
</config>
Issue #3653
According to spec the tail pointer points to the next qword instructions
which will be used by the software.
p 1354, Doc Ref # IHD-OS-BDW-Vol 2c-11.15
issue #4254
Superpages (2M, 1G) are not supported by now, but partially copied over code
from base-hw was around. Remove unused register definitions and remove
non-working super page code do avoid confusion.
issue #4254
Size argument of ggtt free range check is ignored, which leads to
overlapping allocations inside, which leads to unavailable IO-MEM exceptions
thrown by core.
issue #4254
Both, trace_logger and vfs_trace had their own trace_buffer.h. This
commit consolidates the existing implementations and provides the
resulting trace_buffer.h at 'include/trace/'. It thereby becomes part of
the trace api archive.
genodelabs/genode#4244
If the trace subjects are not properly destructed when the TRACE client
disappears, enabled sources will be owned by a non-existing client.
In other words, when a TRACE client disappears all sources owned by the
client must be disabled.
genodelabs/genode#4247
test-trace always passed, although tracing was never enabled because the
trace subject was not within the first 32 subjects.
* increase number of queried subjects
* output error if trace subject was not found
genodelabs/genode#4247
With this commit, the NIC router DHCP client reads out the first DNS domain
name (DHCP option 15) if any from a DHCP reply that generates an IPv4 config
for a domain and stores the name together with the IPv4 config for that domain.
DNS domain names are reported via the new report tag '<dns-domain>' if the
'config' attribute in the config tag '<report>' is set.
Furthermore, the NIC router DHCP server becomes able to obtain a DNS domain
name from another domain that has a DHCP client dynamically (given the config
attribute 'dns_config_from' is set and no static DNS config is given) or
statically from its configuration (new config tag '<dns-domain>') and propagate
this name with DHCP replies (DHCP option 15).
The 'nic_router_dhcp_*' tests are adapted to test the new feautures.
The commit also gets rid of some mirrored files in
'test/nic_router_dhcp/manager'.
Fixes#4246
WARNING: BREAKS CONFIG COMPATIBILITY!
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
How to adjust:
At each occurrence of the 'dns_server_from' attribute in a NIC router
configuration replace the attribute name with 'dns_config_from'. The attribute
value remains unaltered.
DETAILED DESCRIPTION
The new attribute name 'dns_config_from' reflects that also other aspects of
the DNS configuration of the denominated domain are used by the DHCP server
that holds the attribute. This commit is a preparation for forwarding also the
domain name (DHCP option 15) with the mechanism behind the attribute.
Ref #4246
The fact that the IPv4 config was a struct with all data members public was a
mere leftover of an early state of the NIC router. Today, the router
implementation style is to avoid structs and public data members wherever
possible.
This commit slightly changes the behavior of the router regarding log output.
The router used to print malformed IPv4 configurations to the log only if
the 'verbose' config flag was set using this style:
! [my_domain] malformed dynamic IP config: interface 10.0.2.1/24 ...
Now, malformed IPv4 configurations are only printed if the
'verbose_domain_state' config flag is set (like with any IP4v configuration
states) using this style:
! [my_domain] dynamic IP config: malformed (interface 10.0.2.1/24 ...)
Fixes#4242
The NIC router DHCP server used to add an extra option 6 field to DHCP replies
for each DNS server address. This conflicts with RFC #2132 section 3.8 which
states that the addresses should be listed within one option 6 field without
delimiter. The discrepancy is fixed by this commit.
Ref #4242
Via a new configuration attribute, the user can decide whether the router
should answer dropped fragmented IPv4 with an ICMP "destination unreachable"
packet and, if so, which value the ICMP code field of this packet should have.
The default is that the router doesn't send such responses (silently dropping
fragmented IPv4). The behavior is tested by the 'nic_router_ipv4_fragm' test.
Fixes#4236
If the new attribute 'dropped_fragm_ipv4' of the <report> tag in the NIC router
config is set "yes", the router will report the number of packets that were
dropped per interface respectively domain because fragmented IPv4 is not
supported. The default is not to report the counter. The behavior is tested by
the 'nic_router_ipv4_fragm' test.
Ref #4236
The NIC router used to ignore the IPv4 header fields "More fragments" and
"Fragment offset" completely. Therefore higher-level protocols of fragmented
IPv4 were interpreted wrong because each fragment was considered a self-
standing packet, expecting, for instance UDP/TCP headers somewhere inside of
the UDP/TCP data field. Normally, such packets were dropped as soon as the
UDP/TCP checksum check failed because of the misinterpretation. However,
it was also possible for fragmented IPv4 to pass the router although normally
only partially.
IPv4 fragmentation support in the router would introduce some potential
security risks and is presumably not an easy endeavor. So, for now, we settled
on not supporting IPv4 fragmentation. With this commit, the router simply drops
all fragmented IPv4. This is reflected to the log for each fragment as "drop
packet (fragmented IPv4 not supported)" when 'verbose_packet_drop="yes"' is
configured.
The new test 'run/nic_router_ipv4_fragm' is an automated test for this
behavior. The test is added to the autopilot list.
Ref #4236
* the GPU multiplexer now offers the platform service to the Intel
framebuffer driver (driver_manager)
* ajdusted drivers_managed-pc to hand out resources to the GPU driver
* adjust quotas
issue #4233
The platform services is intented to be used by dde_linux's intel_fb_drv
in order to initlialize displays.
* implement and announce platform session
* limit accessible GTT and aperture of client to 64 MB
* forward display engine IRQs to platform client
* move all PCI resources to 'Igd::Resources' class in order to make them
accessible by the platform service and the GPU driver
* fix fence register allocation for id zero (return true)
issue #4233
For mesa-21 the client takes care and manages
the virtual address space of the vGPU by itself and the intel/gpu driver
can't add silently a guard page anymore. Move the patch to the drm/ioctl
of the former mesa version.
Issue #4148#4233
_unmap_dataspace_ggtt requires the cap of Ggtt::Mapping (ring_map, ctx_map)
in order to find the right metadata and to free up the ggtt entries. Also the
pte range is removed already if the metadata was found.
Issue #4148#4233
BREAKS CONFIG COMPATIBILITY:
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
HOW TO ADJUST:
At each occurrence of the '<uplink ...>' tag in a NIC router configuration
replace the tag name 'uplink' with 'nic-client'. The rest of the tag stays the
same.
The term "uplink" for network interfaces in the router that have a NIC session
client as back end was introduced in a time when Uplink sessions didn't yet
exist. Now, they do and, although both an uplink and an Uplink session
normally describe a network session between router and network device driver,
they are based on two different service types (NIC and Uplink). This can easily
cause confusion when integrating the router (the <uplink> is not related to
Uplink sessions) or trying to understand its functioning (an 'Uplink' object
has nothing to do with the Uplink service).
Therefore, this commit introduces the more specific term "NIC client" for an
interface that is based on a NIC session requested by the router. This doesn't
imply any semantic changes at the NIC router. However, the commit also brings a
broader update of the router's README and removes the term "downlink" that was
used only in documentation to refer to interfaces backed by a NIC session
provided by the router. The term was only associated with this meaning because
it is the natural counterpart to an uplink. This isn't appropriate anymore as
the terms for interface types have moved to a more technical level.
The commit adjusts all scenarios in the basic Genode repositories properly.
Fixes#4238
An interface that received a signal for a link-state change accessed its
domain reference without assuming that it could not be attached to a domain
at that moment. This caused the NIC router to crash with an uncaught exception
of type 'Net::Pointer<Net::Domain>::Invalid'. The commit adds a catch
directive for this exception resulting in the handler doing nothing if not
attached to any domain.
Fixes#4222
The test script failed during preparation of the on-target execution for
USB Armory with the following error:
! can't read "tz_vmm_block_irq": no such variable
Presumably, the script wasn't run anymore since the introduction of the
'tz_vmm_block_irq' variable for i.MX53 QSB. As we do not have infrastructure
for automated testing of the USB Armory and there seems to be not much
interest in using Genode on this platform, this commit simply removes the
support from the script.
Filtering boards in a run script by specs isn't the right way anymore (the
specs do not exist anymore). Nowadays, we have to use [have_board] instead.
Ref #4229
For unknown reasons, the former 'wget genode.org' call, that was meant to test
network in the Trustzone guest on imx53_qsb_tz, didn't succeed anymore although
the same call succeeded on my Sculpt VM Linux. However, 'ping 1.1.1.1' still
works, so, the script now uses this as test for networking instead.
Fixes#4229
So far, in order to create an ARP reply, the NIC router merely created a copy
of the corresponding ARP request and modified only those values that differ.
This approach has the disadvantage of re-using bad parameters from a broken
request. The specific use-case that made this visible was an early version of
the Pine board network driver that used to forward ARP requests with a greater
size than required. The ARP replies of the router re-used this size and
confused other network nodes with that. In general, the NIC router should
rely on the data of incoming packets the least possible. Therefore, with this
commit, the router creates a new ARP reply from scratch and uses only those
values required from the corresponding ARP request.
Fixes#4235
The former declaration of the IPv4 packet did not only use the questionable
tool of implementation-defined C++ bitsets but also lacked access to flags
"don't fragment" (DF) and "more fragments" (MF). This commit replaces the
C++ bitsets by using the register framework and introduces accessors for the
missing flags.
Ref #4236
This commit introduces a C-API to the Uplink session, as well as to
serve as a Block service. It can be used by drivers ported from
C-only projects, like the Linux kernel, or BSD kernels for instance.
Fix#4226
Adds try-catch-statement with diagnostic errors in Dhcp_server::free_ip in
order to guard against exceptions from the underlying bit allocator. These
exceptions should never happen given that the router is programmed correctly
and always feeds Dhcp_server::free_ip with sane arguments (which it should).
However, should this not be the case, we can assume that the failed IP freeing
indicates that the IP isn't allocated anyway and it's fine to continue using
the router. Furthermore, IP allocations are a mere client service and not
relevant for the integrity or safety of the router.
Ref #4200
When Interface::handle_config_3 (third step of applying a new configuration to
interfaces) tried to detach the interface from the current IP config because
the old and new IP config differed, it did so using the new domain. The former
steps of the reconfiguration already installed the new domain reference at the
interface. Therefore, also the DHCP server of the new domain was used. This,
however caused uncaught exceptions because detaching from an IP config
includes dissolving all DHCP allocations. This dissolving of DHCP allocations
now operated on a DHCP server (the one of the new domain) that wasn't related
to the allocations and, in the worst case, caused an uncaught exception
because the IPs were out of its range.
That said, this commit ensures that detaching an interface from an IP config
is always done on the domain from which the IP config originated. Normally,
this is the domain the interface is attached to. But in the case of
Interface::handle_config_3, it is another - the former domain the interface
was attached to.
The commit also adapts the nic_router_dhcp_* tests in a way that they
reconfigure the router in a way that would trigger the uncaught exception
without the fix.
Fixes#4200
Adapts Dir_file_system::open_composite_dirs in a way that it returns "success"
when the leaf node of the path is an empty directory but "lookup failed", as
usual, if one of the other directories on the way to the leaf node is empty.
I couldn't find a technical reason why we used to return "lookup failed" when
only the leaf node was empty.
The commit also adds a test for en empty root directory and empty
sub-directories to the fs_query run script.
Fixes#4198
Enable watching files via the inotify interface of the Linux Kernel.
Delivery of watches to components is staggered in order to prevent an
overflow of the ACK queue in cases when a lot of changes are made to the
file system from the Linux side.
Fixes#4070
A reset domain can consist of one or several reset-pins
denoted by name that are assigned to a device.
When the device gets acquired via the Platform RPC API,
the pins are de-asserted, and asserted again when the
device gets released.
A configuration looks like the following:
<device name="mipi_dsi>
<reset-domain name="mipi_dsi_pclk"/>
...
</device>
Fixes#4171
Introduces the notion of a transaction that consists of one or more
messages. Whereby a message has a read or write direction and consists
of one or more bytes.
Issue #4170Fixes#4169
Report via platform_info the capabilities of the kernel, e.g. ACPI and MSI.
With the commit the try-catch pattern on IRQ session creation by the platform
driver is avoided.
Issue #4016
This patch moves the utility from the app/text_area to os/vfs.h to make
it easier to use by other components. By hosting the 'New_file' as a
friend alongside the 'Directory', we can now pass a 'Directory' as
constructor argument, which is consistent with other utilities such as
'File_content'.
As a further improvement, the new version supports the implicit creation
of the directory hierarchy leading to the new file.
Issue #4032
For fs_file_systems, reads are limited to the size of the packets from the
File_system session. Hence, we cannot read the large files in one go.
This fix is particularly helpful for fonts_fs, as it enables including font
files from a File_system.
genodelabs/genode#4135
When a DHCP packet is printed out, it first tries to determine the most
specific message type from the DHCP options and print its human-readable name
right after the protocol name. If finding the message type fails, the less
specific opcode is printed instead, but also in a human-readable way.
Fixes#4131
This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an ernno EEXIST syscall error.
Issue genodelabs#4104
This commit introduces a fix for lx_fs to propagate errno EEXIST error.
This prevents vfs <import overwrite="false"> to overwrite an imported
file, if it already exists, without the overwrite flag set to true.
Issue genodelabs#4104
With the update to GCC 10, the compiler stopped with an error when compiling
places where a MAC address is copied from outside into a packed object using
the Net::Netaddress::copy method (e.g. in
Net::Arp_packet::dst_mac(Mac_address)):
! error: writing 6 bytes into a region of size 4 [-Werror=stringop-overflow=]
While trying to find a clean solution for this error, I found posts on
gcc.gnu.org and github that stated that the size calculations that cause these
errors are incorrect. Indeed, I could verify that the actual size of the two
regions was static and exactly the same in places were the error occured.
Furthermore, I couldn't find a way of making it more clear to the compiler
that the sizes are the same. By accident, we found that using the address of
the first element of the array that forms the second region instead of the
array address itself, somehow circumvents the error.
Fixes#4109
With the update to GCC 10 the compiler used to warn when using the internet
checksum functions on packet classes (like in
Net::Ipv4_packet::update_checksum):
warning: converting a packed ‘Net::[PACKET_CLASS]’ pointer
(alignment 1) to a ‘const uint16_t’ {aka ‘const short
unsigned int’} pointer (alignment 2) may result in an
unaligned pointer value
Apparently, the 'packed' attribute normally used on packet classes sets the
alignment of the packet class to 1. However, for the purpose of the
internet-checksum functions, we can assume that the packet data has no
alignment. This is expressed by casting the packet-object pointer to a pointer
of the new packed helper struct 'Packed_uint16' that contains only a single
uint16_t member before handing it over to the checksum function (instead of
casting it to a uint16_t pointer).
Ref #4109
The NAT feature of the NIC router used to prefer re-using source ports that
have been freed recently. From an external server's perspective, if a client
dies and restarts, chances are high that the new connect arrives with the same
source-IP/source-port as the old connection. The server has to forcefully reset
the connection. If that happens a lot, the server may even start to ignore
further connections from this IP/port combination for a while as a mitigation.
This patch adds a continuous counter feature that makes sure that every new
port allocation will increment and result in a port that hasn't been used for a
long time.
The NAT feature of the nic_router is now more in line with RFC 6056 chapter 4.
Ref #4086
KEY_UNKNOWN is a collective symbols for all unknown keycodes.
Remapping thus requires iterating through all corresponding codes
instead of only applying the policy to the first match.
Issue genodelabs#4069
Introduce a new _overflowed state variable to indicate whether the
horizontal boundary was reached already and to omit subsequent character
output.
This state is necessary to maintain a valid cursor position at all
times. The _overflowed attribute is reset once the cursor is moved into
a valid position again.
To harmonise the bounds checking for _cursor_pos modifications, the
`constrain()` method was added.
Fixesgenodelabs/genode#4093
Also fixes a bug in `vpa()` and `vpb()` which moved the cursor
horizontally instead of vertically.
* The device XML information dataspace is only provided,
when the client's policy states `info="yes"`
* The device XM information gets changed to include the
physical resource names (I/O memory and IRQ addresses)
instead of virtual ids and page offset
Fix#4077
This is a follow-up fix for "Streamline platform-device API on ARM".
There is an ambiguity of the 'local_addr' method between the inherited
'Attached_dataspace' and the local declaration, which results in the
double application of the sub-page Range::start.
Issue #4075
This API rework eases the access to memory-mapped I/O registers and
interrupts when using the platform driver. It introduces the notions of
- Platform::Device - one device obtained from a platform session
- Platform::Device::Mmio - locally-mapped MMIO registers of a device
- Platform::Device::Irq - interface for receiving device interrupts
The patch touches several drivers. Some drivers would require a
significant structural change to adopt the new API (e.g., net/virtio,
dde_linux drivers, imx gpio). In these cases, the patch adds
compatibility shims meant to be temporary. In other cases (e.g., imx
i2c), the adaptation was simple enough to carry through.
Fixes#4075
These messages pollute the boot log of Sculpt OS when ROM modules are
requested for files of the config fs before the sculpt manager has
created their first version.
This patch extends the 'Platform_session::alloc_dma_buffer' interface
with a 'Cache' argument that corresponds to the argument accepted by
'Ram_allocator::alloc', which is used by the platform driver under the
hood.
Since the x86 platform driver used to be hardwired to allocate DMA
buffers as UNCACHED, I adjusted all drivers by specifying the UNCACHED
argument. Right now, this is needed as a hint for core to steer the
allocation of I/O page tables. Once we eliminate the need for such hints
(by introducing an explicit 'Region_map::attach_dma' operation), we can
revisit the drivers individually because cached DMA buffers should
generally be fine on the x86 architecture.
Issue #2243
This change avoids many repetetive Genode:: prefixes, making the code
easier to read. The patch also includes a few consistency fixes
regarding include guards and file headers. It also renames
Platform_device::String to Platform_device::Device:name.
Issue #2243
This patch adds the designated alternative to Dataspace::phys_addr to
the platform-session interface. Under the hood, the platform driver
still calls Dataspace::phys_addr but it should eventuelly become the
only caller before we can abolish this function.
Issue #2243
This commit optimizes the 'Child::resolve_session_request'
implementation by introducing an internal 'Route_model' for quickly
traversing routing rules instead of parsing XML on each session request.
Fixes#4068
This commit replaces the hand-crafted config processing by the use of
the 'List_model' utility. This has the following advantages:
- The parsing follows a common formalism that makes the code
easier to maintain and to understand. Several parts of the code
had to be changed (for the better) to make it fit the list model
approach. E.g., the child states have become more expressive
and logical.
- In the common case, the XML data is traversed only once, which
increases the parsing speed in dynamic scenarios.
- The code becomes easier to optimize. In particular, the patch skips
the re-evaluation of the session routing if no service is affected
by the config change.
The patch also revisits the init test by removing overly long sleep
phases and extending a few sleep phases that were too short when
executing the test on Qemu.
Issue #4068
This patch changes the 'alloc_aligned' interface as follows:
- The former 'from' and 'to' arguments are replaced by a single
'range' argument.
- The distinction of the use cases of regular allocations vs.
address-constrained allocations is now overed by a dedicated
overload instead of relying on a default argument.
- The 'align' argument has been changed from 'int' to 'unsigned'
to be better compatible with 'addr_t' and 'size_t'.
Fixes#4067
This patch avoids the RTC driver's aggressive polling during the
(CPU-bounded) boot of Sculpt OS. As the RTC is not needed during bootup,
this patch reduces the boot time (on Qemu) by 2-4 seconds.
Fixes#4065
If 'system="yes"' is specified in the <config>, the platform driver now
monitors the content of the system ROM. Should the value become "reset",
a reset is triggered using information obtained from the ACPI driver.
Related to issue #2726
The change of the platform driver is needed to avoid a parsing error of
the ACPI ROM when encountering an unexpected <reset> node.
Thanks to Alexander Boettcher for the preventing the regression of #3829
and improving the adherence to the ACPI spec when parsing the reset type.
Related to issue #2726
In case there is no valid configuration the component used to mute
output by default. This, however, might lead to the assumption that
audio is not working at all. Instead set the master output volume to
50% and the per application volume to 100%.
Fixes#4043.
This patch adds the missing destruction of session-state objects of
local services when closing a session. Because of the missing
destruction, those session-state object remained part of the server
ID space. This becomes a problem once the backing store of the session
state object vanishes, that is when the client child gets removed from
the sandbox. Hence, the removal of a child with an open session to a
local service would lead to the corruption of the server ID space.
This patch adds the missing session.destroy() call.
Fixes#4044
This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.
The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.
However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.
The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.
Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!
Fixes#4039
* catch every possible path of the Bit_allocator_dynamic::Out_of_indices
exception
* add unconditional log output in the new "catch" directives, so, we will be
able to debug the problem a bit more in detail next time
Fixes#4036
This way, the redirected env sessions for the CPU burner are no longer
called directly by init. Init stays independent from the behavior of the
CPU balancer.
Issue #3837
Issue #4029
This shim component can be used in case where env sessions of child
(i.e., child's PD session) must be routed to another child of init.
Without the shim, init would directly need to interact with these
sessions and would thereby make itself dependent of the server's
behavior. RPC calls to a server hosted as a child lead to all kinds of
problems such as livelock situations, and putting the robustness of init
at the whim of its child.
With the shim, init merely needs to bootstrap the shim component by
routing the shim's env sessions to core as usual. The server is only
used for the sessions for the actual application hosted atop the shim.
Issue #3837
Issue #4029
* Add new virtio device model
* Extend test run-script with vfat block test image
* Add vmm depot src recipe
* Use packages in test run-script
Fix#4025
* Introduce different index types for ring counters and descriptor arrays
within the Virtio split queue implementation
* Be more accurate in reporting the queue number supported, and raise it
to 512
* Introduce abstractions for mmio register access, where several values
are stored at the same place, and selector registers exist.
* Turn Virtio_device into a template to define the Virio queue type,
and its numbers per device model (needed for e.g., future block model)
Issue #4025
The vfs pipe plugin can now be used as named pipe which anables data
transfer via file handles from one component to another. E.g. if one
would like to send data from component A to stdin of a libc component B,
one can do so by simply writing to that fifo file.
Issue #3583
* Update the 'packet_size' information with the actual length for
each isoc frame to be able to handle short reads at the client side.
* Copy the whole transfer buffer because the host controller stores
the data at the original offsets, i.e., the buffer is not densely
packed.
Fixes#4018.
This patch adds the missing invalidation of the _hovered pointer to
User_state::forget, which is required to cover the situation where the
owner of the hovered view vanishes.
Fixes#4011
The Vmm::Gic::Gicd_banked::Redistributor is used with Constructible, but
does not have a virtual destructor even though it has virtual methods.
This prompts clang to issue the following warning:
reconstructible.h:122:4: warning: destructor called on non-final
'Vmm::Gic::Gicd_banked::Redistributor' that has virtual functions
but non-virtual destructor [-Wdelete-non-abstract-non-virtual-dtor]
Fix this by inheriting Genode::Interface.
Issue #3984
The "unsigned Nitpicker::Gui_session::layer()" function returns
~0UL. This prompts clang to produce a warning about implicit unsigned
long to unsigned int conversion. Fix it by returning ~0U instead of
~0UL.
Issue #3985
The _device_specific_features() implements part of the Virtio_device
interface. Decorate it with override keyword to make this clear and
also satisfy clang which produces warning regarding this.
Issue #3984
Clang 11 produces the following warning when building port_allocator.cc:
port_allocator.cc:27:21: error: result of comparison of constant 65536 with
expression of type 'const Genode::uint16_t' (aka 'const unsigned short') is
always true [-Werror,-Wtautological-constant-out-of-range-compare]
(port.value < (unsigned)(Port_allocator::FIRST +
Basically the code compares Port::value (uint16_t) against a constant
65536 which is larger than UINT16_MAX (65535). This comparison will always
be true.
Issue #3984