Adds the <new-file> operation to the fs_tool. When configured, the
<new-file path="...">...</new-file> tag will cause creation or overwriting of
the file given through the 'path' attribute. The file will contain the text
content of the tag.
Ref #4032
This patch moves the utility from the app/text_area to os/vfs.h to make
it easier to use by other components. By hosting the 'New_file' as a
friend alongside the 'Directory', we can now pass a 'Directory' as
constructor argument, which is consistent with other utilities such as
'File_content'.
As a further improvement, the new version supports the implicit creation
of the directory hierarchy leading to the new file.
Issue #4032
Mapping normal memory bufferable restores support for unaligned reads on
DMA memory and prevents the following errors on imx6q_sabrelite.
KERNEL0: alignment error at 18003061 (PC: 0102e3f8, SP: 401ffb18, FSR: 90000001, PSR: 20000110)
Issue #4094
Issue #4157
By adding an attribute 'size="yes"' to a query, one instructs fs_query to
report also the size of each queried file as attribute 'size' of the
corresponding 'file' node.
Ref #4032
The fs_query component used to try watching all files it found resulting in
errors on files that are not watchable. For some files, however, the watch-
feature doesn't make sense as they are not readable (no content, no size).
Now, fs_query will check first whether a file is readable and skip watching
if it isn't.
Ref #4032
When configuring fs_query to print the content of files it used to try so for
all files it found resulting in errors on files that are not readable. Now,
fs_query will check first whether a file is readable and skip printing the
content of those that are not.
Ref #4032
Managing ssh event file descriptors was performed from two different
threads which could cause reallocation of structure used in other thread
in a call to 'poll' function.
Splitted initialization to parts and moved ssh event part into ssh loop.
Issue #4095
Moved creating ssh loop thread after initialization of wake up server
file descriptors to make sure that they will be properly handled even in
first loop run.
Issue #4095
After update of stdcxx, either hardware (CPU) random sources are taken
or, if not available/insufficient, /dev/urandom is used.
Issue #3967
Issue #4094
For fs_file_systems, reads are limited to the size of the packets from the
File_system session. Hence, we cannot read the large files in one go.
This fix is particularly helpful for fonts_fs, as it enables including font
files from a File_system.
genodelabs/genode#4135
Comment in Linux sources:
Since an ethernet header is 14 bytes network drivers often end up with
the IP header at an unaligned offset. The IP header can be aligned by
shifting the start of the packet by 2 bytes. Drivers should do this
with:
skb_reserve(skb, NET_IP_ALIGN);
This is ensured when using netdev_alloc_skb_ip_align().
Issue #4094
This patch takes advantage of block transfer interrupts on Intel XHCI
controllers which is used during isochronous transfers. Because of a bug
in hardware (see usb_host_isoc_bei.patch header), this feature has been
disabled for Intel leading to up to 8000 interrupts/s for isochronous
transfer causing severe CPU consumption on Genode. With this commit we
lower host driver consumption to normal levels.
issue #4149
A Lx::Task is now associated to a USB device not the session any more.
This implies that a task lives as long as the device making it possible
to gracefully handle outstanding requests (i.e., synchronous) in case
the session has been closed.
issue #4149
The old port version contained '*.ali' files that were build with an older GCC
which led to problems when compiling packages that use the port with the new
GCC 10. The '*.ali' files of the new port version were generated with GCC 10.
Fixes#4145
When loading shared libraries via the 'Shared_object' interface display
all additionaly loaded libraries in case 'ld_verbose' is configured. Up
until now, only the loaded library was displayed. In order to determine
if a dependend library had arlready been loaded prior to loading the
'Shared_object' the reference counter is used.
fixes#4147
The default size is on most kernels 512M. On OKL4 we have to use 800M,
because of the statically configured memory ranges in the OKL4 kernel.
By avoiding a specific amount of memory, the default Qemu memory sizes are
used.
Issue #4095
Revert GNU ld to the old behavior where sections with the same name in multiple
ld scripts are merged. Binutils 2.36.1 creates two sections with the same name.
Fixes#4126
Download gmp, mpc and mpfr with the download script provided by the
gcc source tree and let the gcc build system handle the build of these
libraries with the correct compile options. This fixes build issues on
armhf Linux and removes the need to maintain mpc and mpfr ports in
the Genode tree.
Issue #4094
This patch fixes a GCC-10 compile error. Even though the optimization
was quite effective - I measured a speedup of factor 2 - it is not all
that important for the overall application performance. In the nano3d
case, we are talking about 1 vs. 2 percent of CPU time.
Fixes#4140
The kernel-agnostic 'Trace::timestamp' function for arm_64 executes the
'mrs %0, pmccntr_el0' instruction, which is not permitted for user-level
programs on Linux. This patch shadows the generic timestamp.h header
with dummy that returns zero. This return value prompts the timeout
framework to disable the interpolation of time based on timestamps. This
avoid the illegal-instruction abort but comes with two llimitations:
First, time measurements are effectlively limited to a granulariry of 1
millisecond (deliberately constrained by the timer driver).
The quirk is applied when using the base-linux API. Should a generic
application (that uses the base API only) call 'Trace::timestamp'
directly, the illegal instruction is executed.
Issue #4136
This patch adds support for running Genode/Linux on the AARCH64
architecture.
- The kernel-agnostic startup code (crt0) had to be extended to
capture the initial stack pointer, which the Linux kernel uses
to pass the process environment. This is in line with the
existing startup code for x86_32 and x86_64.
- The link order of the host libraries linked to lx_hybrid
programs had to be adjusted such that libgcc appears at last
because the other libraries depend on symbols provided by
libgcc.
- When using AARCH64 Linux as host, one can execute run scripts
via 'make run/<script> KERNEL=linux BOARD=linux' now.
Issue #4136
When a DHCP packet is printed out, it first tries to determine the most
specific message type from the DHCP options and print its human-readable name
right after the protocol name. If finding the message type fails, the less
specific opcode is printed instead, but also in a human-readable way.
Fixes#4131
By moving core's build-description to a library - a pattern already
employed for the other base platforms - we become able to cleanly split
x86-specific code (I/O-port access) from generic code. This is a
prerequisite for enabling non-x86 architectures such as AARCH64.
Issue #4136
This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an ernno EEXIST syscall error.
Issue genodelabs#4104
This commit introduces a fix for lx_fs to propagate errno EEXIST error.
This prevents vfs <import overwrite="false"> to overwrite an imported
file, if it already exists, without the overwrite flag set to true.
Issue genodelabs#4104
The former implementation called 'TRACE_AND_STOP' which led to the
'usb_host_drv' to stop whenever such a function was called. Rather
than stopping return '0' and let the contrib code deal with this
situation.
Issue #4116.
This commit backports the Linux upstream commit (d4a6106) [*]
that introduces a check to prevent the sglist from being used
unconditionally.
[*] 'xhci: fix bounce buffer usage for non-sg list case'
Fixes#4116.
Unconditionally setting MAKEFLAGS to just 's' is not nice because other
flags cannot be passed through the run script. What the script desires
is to disable the automatically enabled '--print-directory' for sub-make
instances when calling tool/port/current by declaring
'--no-print-directory'.
Until now, Genode's Linux system call bindings were based on original
Unix system calls that were later superseded by more flexibile variants.
E.g., 'openat' is a modern version of 'open'. Even though Linux upholds
the compatiblity with the original versions for existing architectures
like x86, the legacy syscalls are absent for the recently added AARCH64
architecture. A good overview of the system calls accross the prominent
architectures can be found at
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
This patch updates Genode's syscall bindings to avoid legacy versions,
thereby easing the support for AARCH64. The used "modern" versions
were introduced back in Linux version 2 days. So we are fine to rely
on them.
The patch slightly changes the signature for lx_stat because this system
call is merely used to check for the existance of a file and its size.
The new name 'lx_stat_size' draws a closer connection to its use case.
That said, the stat syscall has not been updated to the modern statx
since statx is still a fairly recent addition.
Issue #4136
This patch simplifies the use of the clone system call for creating
processes and threads. Until now, the binding used an opaque pointer
argument to pass context information to the newly created process or
thread. However, upon close inspection, this is not a strict
requirement.
A newly created thread accesses its contextual information by
using its stack pointer as key. The pointer argument is not used.
The creation of processes is strictly serialized because the
intermediate stack used in-between clone and execve is a global
variable. Since we rely on the serialization anyway, we can pass the
context information of a new process via a global variable as well.
This change simplifies the syscall binding for the upcoming AARCH64
support, which would otherwise require us to deal with the notion
of TLS on Linux.
Issue #4136
With the update to GCC 10, the compiler stopped with an error when compiling
places where a MAC address is copied from outside into a packed object using
the Net::Netaddress::copy method (e.g. in
Net::Arp_packet::dst_mac(Mac_address)):
! error: writing 6 bytes into a region of size 4 [-Werror=stringop-overflow=]
While trying to find a clean solution for this error, I found posts on
gcc.gnu.org and github that stated that the size calculations that cause these
errors are incorrect. Indeed, I could verify that the actual size of the two
regions was static and exactly the same in places were the error occured.
Furthermore, I couldn't find a way of making it more clear to the compiler
that the sizes are the same. By accident, we found that using the address of
the first element of the array that forms the second region instead of the
array address itself, somehow circumvents the error.
Fixes#4109
With the update to GCC 10 the compiler used to warn when using the internet
checksum functions on packet classes (like in
Net::Ipv4_packet::update_checksum):
warning: converting a packed ‘Net::[PACKET_CLASS]’ pointer
(alignment 1) to a ‘const uint16_t’ {aka ‘const short
unsigned int’} pointer (alignment 2) may result in an
unaligned pointer value
Apparently, the 'packed' attribute normally used on packet classes sets the
alignment of the packet class to 1. However, for the purpose of the
internet-checksum functions, we can assume that the packet data has no
alignment. This is expressed by casting the packet-object pointer to a pointer
of the new packed helper struct 'Packed_uint16' that contains only a single
uint16_t member before handing it over to the checksum function (instead of
casting it to a uint16_t pointer).
Ref #4109
The NAT feature of the NIC router used to prefer re-using source ports that
have been freed recently. From an external server's perspective, if a client
dies and restarts, chances are high that the new connect arrives with the same
source-IP/source-port as the old connection. The server has to forcefully reset
the connection. If that happens a lot, the server may even start to ignore
further connections from this IP/port combination for a while as a mitigation.
This patch adds a continuous counter feature that makes sure that every new
port allocation will increment and result in a port that hasn't been used for a
long time.
The NAT feature of the nic_router is now more in line with RFC 6056 chapter 4.
Ref #4086
pthread.0 acquires a write buffer mutex and calls potentially
blocking fs operations. The EP thread handles session requests and tries to
acquire the same write buffer lock. IO progress events for pthread.0 are
handled by the EP thread, which however is blocking on the write buffer mutex.
The commit uses two write buffers, one which is filled by the EP and a second
which is used by pthread.0. The two buffers are swapped protected by a mutex
without invoking blocking fs operations.
Issue #4095
The exec_terminal generates a config report which is used as input ROM for
sandbox/init, which does not support an "<empty>" node.
An empty config node is empty, without an node.
Issue #4095
Was still using the event_filter.config from drivers_interactive-pc
although a dedicated file is present in the raw archive.
The fix is just for consistency reasons, as sculpt manager is generating the
event_filter.config anyway.
KEY_UNKNOWN is a collective symbols for all unknown keycodes.
Remapping thus requires iterating through all corresponding codes
instead of only applying the policy to the first match.
Issue genodelabs#4069
This patch increases the RAM quota of the top-level nitpicker instance
to 12 MiB so that resize operations can be buffered for resolutions up
to 2560x1080. It mutes diagnostic messages of the form "Warning: Gui
(...) not enough RAM to preserve buffer content during resize" and
improves the window-resize experience.
With this patch, the user is able to re-gain access to the inspect view
by toggling the inspect button of a file system unrelated to the failed
USB storage device.
Fixes#4090
Issue #3967
triggers using -O0 with test-libc_integration:
libc_integration/main.cc:146: undefined reference to `std::istream::operator>>(unsigned long&)'
contrib/stdcxx-80f380143250d4f951433876698b54fdac32b95f/include/stdcxx/std/thread:67: undefined reference to `vtable for std:🧵:_State'
Introduce a new _overflowed state variable to indicate whether the
horizontal boundary was reached already and to omit subsequent character
output.
This state is necessary to maintain a valid cursor position at all
times. The _overflowed attribute is reset once the cursor is moved into
a valid position again.
To harmonise the bounds checking for _cursor_pos modifications, the
`constrain()` method was added.
Fixesgenodelabs/genode#4093
Also fixes a bug in `vpa()` and `vpb()` which moved the cursor
horizontally instead of vertically.
The direct execution of application-level code by a watch handler is
troublesome because those handlers are executed at the I/O signal level.
In the concrete case, the watch handler got recursively called because
the handler called _handle_config (application-code), which called the
VFS, which in turn performed a wait_and_dispatch_one_io_signal, which
again invoked the watch handler.
The patch works around the problem by letting the watch notification
trigger the application-level signal for the _config_handler.
Fixes#4091
I created a test program which stresses the interplay between libc,
pthreads and vfs_pipe and may detect regressions.
The program starts a thread that spawns a bunch of workers, sends and
receives data to them through a pipe. When all data of a worker is
collected, the worker is finished (join()) and a new worker is started.
Both the number of bytes sent to the worker and the size of its
answer are random.
Issue #3967
* The device XML information dataspace is only provided,
when the client's policy states `info="yes"`
* The device XM information gets changed to include the
physical resource names (I/O memory and IRQ addresses)
instead of virtual ids and page offset
Fix#4077
As linux drivers may distinguish device configuration by pci subdevice id in
addition to the pci device id, the former must also be used for finding the
matching entry. Otherwise, e.g., the iwlwifi driver might load the wrong
firmware.
Side note: Add break statement to save superfluous iterations after
match was identified.
Fixes genodelabs#4076
This is a follow-up fix for "Streamline platform-device API on ARM".
There is an ambiguity of the 'local_addr' method between the inherited
'Attached_dataspace' and the local declaration, which results in the
double application of the sub-page Range::start.
Issue #4075
This compilation unit contains a global constructor, which violates our
assumption that the libc is free of global constructors on ARMv7.
Specifically, the graphical terminal fails with the following message:
[init -> terminal] Error: Component::construct() returned without executing
pending static constructors (fix by calling
Genode::Env::exec_static_constructors())
[init -> terminal] Error: Uncaught exception of type 'Linker::Fatal'
In this case, the libc-less terminal uses the VFS. The VFS mounts the
ttf VFS plugin. The ttf VFS plugin depends on the libc.
The compilation unit 'arm_initfini.c' can safely be excluded because it
merely initializes the global '_libc_arm_fpu_present' variable, which
is not used by the current version of our libc/libm.
Fixes#4080
This API rework eases the access to memory-mapped I/O registers and
interrupts when using the platform driver. It introduces the notions of
- Platform::Device - one device obtained from a platform session
- Platform::Device::Mmio - locally-mapped MMIO registers of a device
- Platform::Device::Irq - interface for receiving device interrupts
The patch touches several drivers. Some drivers would require a
significant structural change to adopt the new API (e.g., net/virtio,
dde_linux drivers, imx gpio). In these cases, the patch adds
compatibility shims meant to be temporary. In other cases (e.g., imx
i2c), the adaptation was simple enough to carry through.
Fixes#4075
This patch adjusts the matching of the IP address such that the external
IP address is used as opposed the the NAT-local address. It is follow-up
fix of the conversion to the uplink session interface.
Issue #3961
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.
issue #4071
This patch unifies the core-internal 'Mapping' type across all base
platforms.
As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.
Issue #2243
These messages pollute the boot log of Sculpt OS when ROM modules are
requested for files of the config fs before the sculpt manager has
created their first version.
When the own cap quota of a client does not suffice for a cap upgrade of
an existing session to a server, the client must issue a cap-resource
request to the parent. This logic was already in place for RAM quota but
was missing for cap quota.
Issue #4072
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.
fixes#4071
Apparently the skewed motion timings came from the issue fixed by
"timer: restore semantics of periodic timeout 0". With the current
version of the timer, the original motion parameters work just fine.
This patch extends the 'Platform_session::alloc_dma_buffer' interface
with a 'Cache' argument that corresponds to the argument accepted by
'Ram_allocator::alloc', which is used by the platform driver under the
hood.
Since the x86 platform driver used to be hardwired to allocate DMA
buffers as UNCACHED, I adjusted all drivers by specifying the UNCACHED
argument. Right now, this is needed as a hint for core to steer the
allocation of I/O page tables. Once we eliminate the need for such hints
(by introducing an explicit 'Region_map::attach_dma' operation), we can
revisit the drivers individually because cached DMA buffers should
generally be fine on the x86 architecture.
Issue #2243
This change avoids many repetetive Genode:: prefixes, making the code
easier to read. The patch also includes a few consistency fixes
regarding include guards and file headers. It also renames
Platform_device::String to Platform_device::Device:name.
Issue #2243
This patch adds the designated alternative to Dataspace::phys_addr to
the platform-session interface. Under the hood, the platform driver
still calls Dataspace::phys_addr but it should eventuelly become the
only caller before we can abolish this function.
Issue #2243
This commit optimizes the 'Child::resolve_session_request'
implementation by introducing an internal 'Route_model' for quickly
traversing routing rules instead of parsing XML on each session request.
Fixes#4068
This commit replaces the hand-crafted config processing by the use of
the 'List_model' utility. This has the following advantages:
- The parsing follows a common formalism that makes the code
easier to maintain and to understand. Several parts of the code
had to be changed (for the better) to make it fit the list model
approach. E.g., the child states have become more expressive
and logical.
- In the common case, the XML data is traversed only once, which
increases the parsing speed in dynamic scenarios.
- The code becomes easier to optimize. In particular, the patch skips
the re-evaluation of the session routing if no service is affected
by the config change.
The patch also revisits the init test by removing overly long sleep
phases and extending a few sleep phases that were too short when
executing the test on Qemu.
Issue #4068
This patch changes the 'alloc_aligned' interface as follows:
- The former 'from' and 'to' arguments are replaced by a single
'range' argument.
- The distinction of the use cases of regular allocations vs.
address-constrained allocations is now overed by a dedicated
overload instead of relying on a default argument.
- The 'align' argument has been changed from 'int' to 'unsigned'
to be better compatible with 'addr_t' and 'size_t'.
Fixes#4067
This patch avoids the RTC driver's aggressive polling during the
(CPU-bounded) boot of Sculpt OS. As the RTC is not needed during bootup,
this patch reduces the boot time (on Qemu) by 2-4 seconds.
Fixes#4065
GDB monitor re-uses internal parts of the sandbox library. It thereby
relies on the internal detail of how local headers are included (using
"" instead of the now usual practice <>). A seemingly unrelated change
"init/sandbox: avoid repetitive state reports" eventually broke the
build of the GDB monitor.
This patch makes the GDB monitor less reliant on the way of how the
sandbox includes headers internally.
It also fixes a few warnings caused by the double definition of
__GENODE__ (adding an missing include guard and making the #define
conditional).
Related to issue #4064
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.
This patch restores the original timer semantics by
- Documenting it in timer_session.h,
- Handling the case explicitly in the timer implementation, and
- Replacing the silent clamping of the unexpected value 0 passed
to the timeout framework by a diagnostic error message.
Issue #3884
This patch restores the ability to launch nitpicker within a gui_fb
window. It is a follow-up fix for "nitpicker: make framebuffer and input
optional".
Issue #3812
This patch enables sculpt to utilize the CPU reset mechanism via the
PS/2 controller as well as the information provided via the ACPI FADT
information. Whenever the /config/system file is changed to <system
state="reset"/>, both mechanisms are triggered.
Supporting both mechanisms is useful because the PS/2-based reset does
not work reliably on modern machines. The PS/2-based reset is useful in
the case when the FADT reset information refers to the PS/2 command
port. In this case, the platform driver is unable to access this port
because it is already handed out to the PS/2 driver. In this case, the
PS/2 driver kicks in.
Issue #2726
If 'system="yes"' is specified in the <config>, the platform driver now
monitors the content of the system ROM. Should the value become "reset",
a reset is triggered using information obtained from the ACPI driver.
Related to issue #2726
The change of the platform driver is needed to avoid a parsing error of
the ACPI ROM when encountering an unexpected <reset> node.
Thanks to Alexander Boettcher for the preventing the regression of #3829
and improving the adherence to the ACPI spec when parsing the reset type.
Related to issue #2726
This patch adds the handling neccessary for clients to upgrade the cap
quota of their GUI session. Until now, the upgrade mechanism supported
only RAM quota.
The limitation became visible once a client - in the particular case the
motif_decorator - attempted the cap upgrade of its GUI session. The cap
quota would arrive at the wm, but the wm would keep it instead of
forwarding the quota to nitpicker. This resulted in an infinite retry
loop at the motif_decorator, ultimatedly depleting all its cap quota.
The window manager infers the overall state from the intercepted input
events for the decorator and all GUI clients. However, each of those
parties have an independent input-event stream. Whereas the order of
events within one GUI session is strict, the order of events between GUI
sessions is arbitrary. The window manager wrongly relied on a global
event ordering to track the pointed-at GUI session.
The patch removes the assumption of a global event order by tracking the
relevant pointer state for each GUI session independently and evaluating
these states when propagating the pointer position to the decorator.
Fixes#4059
This commit modified bash's builtin mapping of character sequences to
readline-functionality to detect the sequence of the delete symbol as
generated by the terminal.
Fixes#4058