In fact, the sizes were the same the whole time, but by using
the same enum in both cases to instantiate the Packet_stream_tx
and Packet_stream_rx members of the e.g. RPC object, it allows
for more flexible generalization between e.g. source or, sink
objects, when programming event-driven, and implementing generic
handlers for their signals.
The parent-service registry is populated on demand by the
'Loader::Child' whenever a prior unknown service is requested. Since the
number of parent services is limited, we expect the registry to settle
after a while. However, each loader session has a private instance of
a parent-service registry. So when creating and destroying loader
sessions, parent registries will be populated again and again. We
have to make sure to discard the entries along with the destruction
of a loader session to avoid the leakage of memory.
Issue #717
'Gratuitous ARP' broadcast messages are used to announce newly created
IP<->MAC address mappings to other hosts. nic_bridge-internal hosts
would expect a nic_bridge-internal MAC address in this message, whereas
external hosts would expect the NIC's MAC address in this message.
The simplest solution to this problem is to just drop those messages,
since they are not really necessary.
Fixes#709.
This patch simplifies the way of how Genode's base libraries are
organized. Originally, the base API was implemented in the form of many
small libraries such as 'thread', 'env', 'server', etc. Most of them
used to consist of only a small number of files. Because those libraries
are incorporated in any build, the checking of their inter-dependencies
made the build process more verbose than desired. Also, the number of
libraries and their roles (core only, non-core only, shared by both core
and non-core) were not easy to capture.
Hereby, the base libraries have been reduced to the following few
libraries:
- startup.mk contains the startup code for normal Genode processes.
On some platform, core is able to use the library as well.
- base-common.mk contains the parts of the base library that are
identical by core and non-core processes.
- base.mk contains the complete base API implementation for non-core
processes
Consequently, the 'LIBS' declaration in 'target.mk' files becomes
simpler as well. In the most simple case, only the 'base' library must
be mentioned.
Fixes#18
The 'Timer::Session::msleep' function is one of the last occurrences of
long-blocking RPC calls. Synchronous blocking RPC interfaces turned out
to be constant source of trouble and code complexity. I.e., a timer
client that also wants to respond to non-timer events was forced to be a
multi-threaded process. This patch replaces the blocking 'msleep' call
by a mechanism for programming timeouts and receiving wakeup signals in
an asynchronous fashion. Thereby signals originating from the timer can
be handled along with signals from other signal sources by a single
thread.
The changed interface has been tested on Linux, L4/Fiasco, OKL4, NOVA,
L4ka::Pistachio, Codezero, Fiasco.OC, and hw_pbxa9. Furthermore, this
patch adds the timer test to autopilot.
Fixes#1
This patch introduces keyboard-focus events to the 'Input::Event' class
and changes the name 'Input::Event::keycode' to 'code'. The 'code'
represents the key code for PRESS/RELEASE events, and the focus state
for FOCUS events (0 - unfocused, 1 - focused).
Furthermore, nitpicker has been adapted to deliver FOCUS events to its
clients.
Fixes#609
This patch extends the file-system interface with the ability to monitor
changes of files or directories. The new 'File_system::sigh' function
can be used to install a signal handler for an open node.
The 'ram_fs' server has been enhanced to support the new interface. So
any file or directory changes can now be observed by 'ram_fs' clients.
Fixes#607
Several users of the signal API used custom convenience classes to
invoke signal-handling functions on the reception of incoming signals.
The 'Signal_dispatcher' pattern turned out to be particularly useful. To
avoid the duplication of this code across the code base, this patch
adds the interface to 'base/signal.h'.
Furthermore, the patch changes the 'Signal::num()' return type from int
to unsigned because negative numbers are meaningless here.
Fixes#511
Add functionality to lookup an object and lock it. Additional the case is
handled that a object may be already in-destruction and the lookup will deny
returning the object.
The object_pool generalize the lookup and lock functionality of the rpc_server
and serve as base for following up patches to fix dangling pointer issues.
With this patch, the loader installs an optional client-provided fault
handler as default CPU exception handler and RM fault handler for all
CPU and RM sessions of the loaded subsystem. This way, loader clients
become able to respond to failures occuring within the subsystem.
The new feature is provided via the added 'Loader::fault_handler' RPC
function.
The 'run/failsafe' test covers two cases related to the loader, which
are faults produced by the immediate child of the loader and faults
produced by indirect children.
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.
The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.
Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.
Related to #510.
Implies support for the ARMv6 architecture through 'base-hw'.
Get rid of 'base/include/drivers' expect of 'base/include/drivers/uart'.
Merge with the support for trustzone on VEA9X4 that came from
Stefan Kalkowski.
Leave board drivers in 'base/include/platform'.
Rework structure of the other drivers that were moved to
'base_hw/src/core' and those that came with the trustzone support.
Beautify further stuff in 'base_hw'.
Test 'nested_init' with 'hw_imx31' (hardware) and 'hw_panda_a2' (hardware),
'demo' and 'signal' with 'hw_pbxa9' (qemu) and 'hw_vea9x4'
(hardware, no trustzone), and 'vmm' with 'hw_vea9x4'
(hardware, with trustzone).
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation. For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.
This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
g++ 4.4.5 outputs the following warnings in our code using the loader
session:
.../base/include/base/capability.h: In member function 'typename Genode::Trait::Call_return<typename IF::Ret_type>::Type Genode::Capability<RPC_INTERFACE>::call() const [with IF = Loader::Session::Rpc_view_geometry, RPC_INTERFACE = Loader::Session]':
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::width' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::height' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::buf_x' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::buf_y' may be used uninitialized in this function
This is easily fixed with providing a default constructor.
Because of the C++ rules regarding initialer lists code that used
them for View_geometry had to be modified to use a normal construction
call. In my tests only Nitpicker had to be changed.
By adding a "mac=XX:XX:XX:XX:XX:XX" attribute/value pair to the nic_bridge's
configuration one can define the first MAC address from which the nic_brigde
will allocate MACs for it's clients. Note: that the least relevant byte will
be ignored, and ranges from 0-255. Fixes#424.
This patch implements a service which provides the contents of a tar
archive via the 'File_system::Session' interface.
Configuration:
<config>
<archive name="tar_archive.tar" />
<policy label="label_of_client" root="/rootdir/for/client" />
</config>
Fixes#333.
Increase size of block session backing store so it can handle maximum supported
packet size. Synchronize client threads during packet allocation.
Fixes#276
This patch extends the RAM session interface with the ability to
allocate DMA buffers. The client specifies the type of RAM dataspace to
allocate via the new 'cached' argument of the 'Ram_session::alloc()'
function. By default, 'cached' is true, which correponds to the common
case and the original behavior. When setting 'cached' to 'false', core
takes the precautions needed to register the memory as uncached in the
page table of each process that has the dataspace attached.
Currently, the support for allocating DMA buffers is implemented for
Fiasco.OC only. On x86 platforms, it is generally not needed. But on
platforms with more relaxed cache coherence (such as ARM), user-level
device drivers should always use uncacheable memory for DMA transactions.
This commit adds a terminal_log component, and a run-script which demonstrates
its usage. The terminal_log component provides the LOG service, and prints
every log-output prefixed by the session-label via a terminal-session.
This patch introduces the file-system-session interface, provides an
implementation of this interface in the form of an in-memory file
system, and enables the libc to use the new file-system facility.
The new interface resides in 'os/include/file_system_session/'. It
uses synchronous RPC calls for functions referring to directory
and meta-data handling. For transferring payload from/to files, the
packet-stream interface is used. I envision that the asynchronous design
of the packet-stream interface fits well will the block-session
interface. Compared to Unix-like file-system APIs, Genode's file-system
session interface is much simpler. In particular, it does not support
per-file permissions. On Genode, we facilitate binding policy (such as
write-permission) is sessions rather than individual file objects.
As a reference implementation of the new interface, there is the
new 'ram_fs' service at 'os/src/server/ram_fs'. It stores sparse
files in memory. At the startup, 'ram_fs' is able to populate the
file-system content with directories and ROM modules as specified
in its configuration.
To enable libc-using programs to access the new file-system interface,
there is the new libc plugin at 'libports/src/lib/libc-fs'. Using this
plugin, files stored on a native Genode file system can be accessed
using the traditional POSIX file API.
To see how the three parts described above fit together, the test
case at 'libports/run/libc_fs' can be taken as reference. It reuses
the original 'libc_ffat' test to exercise several file operations
on a RAM file-system using the libc API.
:Known limitations:
The current state should be regarded as work in progress. In particular
the error handling is not complete yet. Not all of the session functions
return the proper exceptions in the event of an error. I plan to
successively refine the interface while advancing the file-system
implementations. Also the support for truncating files and symlink
handling are not yet implemented.
Furthermore, there is much room for optimization, in particular for the
handling of directory entries. Currently, we communicate only one dir
entry at a time, which is bad when traversing large trees. However, I
decided to focus on functionality first and defer optimizations (such as
batching dir entries) to a later stage.
The current implementation does not handle file modification times at
all, which may be a severe limitation for tools that depend on this
information such as GNU make. Support for time will be added after we
have revisited Genode's timer-session interface (issue #1).
Fixes#54Fixes#171
