Commit Graph

1261 Commits

Author SHA1 Message Date
Martin Stein
db6a2419f2 nic_dump: fix bug in packet log
Ref #2560
2017-11-06 13:57:24 +01:00
Christian Helmuth
b0683a5acf Increase test RAM quotas for sel4 64-bit 2017-11-06 13:57:23 +01:00
Christian Helmuth
d67db5cd74 Increase timeouts for some tests on Qemu 2017-11-06 13:57:23 +01:00
Martin Stein
9d84d8b3bd nic_router: rename and move Ip_allocation
Rename Ip_allocation Dhcp_allocation and move it to dhcp_server.* .

Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
127ceaccb5 nic_router: move Dhcp_server to extra header/unit
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
5e227f9ff1 nic_router: minor style fixes
Ref #2534
2017-11-06 13:57:22 +01:00
Martin Stein
db9d4d3a3c nic_router: DHCP client functionality
If the attribute 'interface' is not set in a 'domain' tag, the router tries to
dynamically receive and maintain an IP configuration for that domain by using
DHCP in the client role at all interfaces that connect to the domain. In the
DHCP discover phase, the router simply chooses the first DHCP offer that
arrives. So, no comparison of different DHCP offers is done. In the DHCP
request phase, the server is expected to provide an IP address, a gateway, a
subnet mask, and an IP lease time to the router. If anything substantial goes
wrong during a DHCP exchange, the router discards the outcome of the exchange
and goes back to the DHCP discover phase. At any time where there is no valid
IP configuration present at a domain, the domain does only act as DHCP client
and all other router functionality is disabled for the domain. A domain cannot
act as DHCP client and DHCP server at once. So, a 'domain' tag must either
have an 'interface' attribute or must not contain a 'dhcp-server' tag.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
3560555acc nic_router: encapsulate IPv4 peer config in class
An IPv4 config (for a domain/interface of the router) consists of
an IPv4 address, a subnet prefix specifier, an optional gateway
IPv4 address, and some flags that declare whether these fields and
the config as a whole are valid. To make the handling of those
tightly connected values easier and less error prone, we encapsulate
them in a new class.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
0ca248551a net: move Ipv4_address_prefix to nic_router
As this tool is not used by any other component make it local to the
NIC router to keep the net-lib interface small.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
50aba6f21b dhcp: support reading of some further option types
Client ID, maximum message size, IP lease time, and requested address.
All needed for the upcoming DHCP client.

Ref #2534
2017-11-06 13:57:21 +01:00
Martin Stein
615878bb05 init: periodic state updates if sensible
Under certain circumstances we don't want inits state report to become too
outdated even if there is no change to its config or the sessions of its
children. This is the case if init is requested to provide a capability or RAM
info of it's children via its state report. Now, init automatically updates
the state report with each 1000 ms if the attribute 'child_caps' or
'child_ram' is positively set in the 'report' tag.
2017-11-06 13:57:21 +01:00
Norman Feske
189c5fa628 input_filter: improve capslock handling
Furthermore, the patch reduces the noise in the log produced by
false-positive error messages that are actually warnings.

Fixes #2548
2017-11-06 13:57:20 +01:00
Norman Feske
a0a7d5d165 ps2_drv: drive mode indicator LEDs
The new feature is demonstrated by the input.run script. It uses a
dynamic ROM service to toggle the keyboard LEDs at different intervals.

Fixes #2546
2017-11-06 13:57:20 +01:00
Christian Helmuth
73f1fa9a1f ahci: log vendor/device IDs as hex 2017-11-06 13:57:19 +01:00
Alexander Boettcher
5e5c705fbc init_smp.run: limit spawned init's for x86_32 2017-11-06 13:57:19 +01:00
Martin Stein
2eef27fca4 timer test: raise tolerance at max trigger count
Timing itself costs time. Thus, the stressfull timeout phase of the
test is not exactly as long as set but a little bit longer. This is why the
fast timeouts are able to trigger more often than they are expected to
(the timer has a static timeout-rate limit). Normally we consider this effect
through an error tolerance of 10%. But at least on foc x86_32 (PIT with very
low max timeout), timing is so expensive that 10% is not enough. We have to
raise it to 11%.
2017-11-06 13:57:19 +01:00
Martin Stein
d4920eade4 timer.run: end test on uncaught exceptions 2017-11-06 13:57:18 +01:00
Norman Feske
3a350b65a3 init: handle Service_denied for forwarded sessions
This patch propages the 'Service_denied' condition of forwarded sessions
to the parent. Without it, the invalid session request stays pending
infinitely, which leads to the problem described in issue #2542. It
turns out that suggested solution given in the issue text is actually
not needed when applying this fix.

Fixes #2542
2017-11-06 13:57:18 +01:00
Norman Feske
1ccd9a2fdb rom_filter: expand target buffer on demand
The ROM filter did not handle the situation where the generated content
exceeds the size of the initially allocated dataspace for the target
buffer. This patch wraps the XML generation in a retry loop that
expands the buffer as needed.
2017-11-06 13:57:18 +01:00
Norman Feske
f3988a27d4 nit_fb: support 'origin' attribute
This patch makes the specification of screen coordinates more flexible.
First, the 'origin' attribute allows one to refer to either of the four
screen corners without knowing the screen size. Second, the 'width'
and 'height' values now accept negative values, which are relative to
the screen size.
2017-11-06 13:57:18 +01:00
Norman Feske
dd5b03671d os: don't limit file-systems-session upgrades
The 'File_system::Connection' already performs an on-demand session
upgrade should the server report an 'Out_of_caps' or 'Out_of_ram'
condition. So file-system clients are normally relieved from handling
those exceptions. However, the upgrade was limited to two attempts per
operation (which amounts to 16 KiB). When using the Rump VFS plugin in
the VFS server, this amount does not always suffice. So the exception is
reflected to the client. I observed this problem as a message "unhandled
error" printed by fs_rom. This patch removes the upgrade limit such that
a greedy file-system server becomes iteratively upgraded until it stops
arguing or the client's RAM is exhausted.
2017-11-06 13:57:18 +01:00
Christian Helmuth
ee4ee6a8ac depot: update recipe hashes 2017-10-19 13:31:18 +02:00
Christian Prochaska
e4fa8e8fcf vfs server: remove special case of rootdir handles
With this patch, the VFS server returns distinguishable IDs when opening
the root directory multiple times.
2017-10-19 13:31:15 +02:00
Martin Stein
5f65791962 nic_router: bad-protocol message only if verbose
This was an error output-line for each affected packet previously but it
is pretty normal for the router to receive packets whose network layer
protocol it doesn't know . In the default case, these packets shall be
ignored silently.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
30a96706cb nic_router: dhcp server functionality
One can configure the NIC router to act as DHCP server at interfaces of a
domain by adding the <dhcp> tag to the configuration of the domain like
this:

<domain name="vbox" interface="10.0.1.1/24">
    <dhcp-server ip_first="10.0.1.80"
                 ip_last="10.0.1.100"
                 ip_lease_time_sec="3600"
                 dns_server="10.0.0.2"/>
    ...
</domain>

The attributes ip_first and ip_last define the available IPv4 address
range while ip_lease_time_sec defines the lifetime of an IPv4 address
assignment in seconds. The IPv4 address range must be in the subnet
defined by the interface attribute of the domain tag and must not cover
the IPv4 address in this attribute. The dns_server attribute gives the
IPv4 address of the DNS server that might also be in another subnet.
The lifetime of an offered assignment is the configured round trip time of
the router while the ip_lease_time_sec is applied only if the offer is
requested by the client in time.

The ports/run/virtualbox_nic_router.run script is an example of how to
use the new DHCP server functionality.

Ref #2490
2017-10-19 13:31:15 +02:00
Martin Stein
03144093b3 nic_router: do link garbage collect on each packet
Previously, garbage collect was only done when an incoming packet passed the
Ethernet checks. Now it is really done first when receiving a packet at an
interface.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
215937ff0f nic_router: handle ARP requests for foreign IPs
If the router has no gateway attribute for a domain (means that the router
itself is the gateway), and it gets an ARP request for a foreign IP, it shall
answer with its own IP.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
ee88d4d2d5 nic_router: use same packet log-format as nic_dump
Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
e5b9a6cc8b nic_router: rework round-trip-time handling
Do not use two times the RTT for the lifetime of links but use it as
it is configured to simplify the usage of the router. Internally, use
Microseconds/Duration type instead of plain integers.

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
71bd9a1f10 nic_dump: configurable packet print
The nic_dump uses a wrapper for all supported protocols that
takes a packet and a verbosity configuration. The wrapper object can
than be used as argument for a Genode log function and prints the
packet's contents according to the given configuration. The
configuration is a distinct class to enable the reuse of one instance
for different packets.

There are currently 4 possible configurations for each protocol:
* NONE          (no output for this protocol)
* SHORT         (only the protocol name)
* COMPACT       (the most important information densely packed)
* COMPREHENSIVE (all header information of this protocol)

Ref #2490
2017-10-19 13:29:45 +02:00
Martin Stein
d63c40af3e dhcp: extend options utilities
Provide utilities for appending new options to an existing DHCP packet
and a utility for finding existing options that returns a typed option
object. Remove old version that return untyped options.

Ref #2490
2017-10-19 13:29:44 +02:00
Martin Stein
791fd9806f ipv4 address: conversion from and to integer
Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
d0f5838c61 net: clean up header fields and accessors
Apply the style rule that an accessor is named similar to the the underlying
value. Provide read and write accessors for each mandatory header attribute.
Fix some incorrect structure in the headers like with the flags field
in Ipv4_packet.

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
7b55d4d5d9 ethernet: rework type for ethernet type value
Encapsulate the enum into a struct so that it is named
Ethernet_frame::Type::Enum, give it the correct storage type
uint16_t, and remove those values that are (AFAIK) not used by
now (genode, world).

Ref #2490
2017-10-19 13:29:43 +02:00
Martin Stein
3f269b773d nic_dump: use Duration instead of unsigned
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
97b1a22a8a nic_dump: measure time only if needed
Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
6b4b662357 nic_router: fix for unknown transport protocols
Do not stop routing if the transport layer protocol is unknown but
continue with trying IP routing instead. The latter was already
done when no transport routing could be applied but for unknown transport
protocols we caught the exception at the wrong place.

Ref #2490
2017-10-19 13:29:42 +02:00
Martin Stein
642254134e timer test: rate limiting and no starvation
No starvation of timeout signals
--------------------------------

Add several timeouts < 1ms to the stress test and check that timeout
handling doesn't become significantly unfair (starvation) in this situation
where some timeouts trigger nmuch faster than they get handled.

Rate limiting for timeout handling in timer
-------------------------------------------

Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-19 13:29:42 +02:00
Christian Helmuth
f9b3c6d2cf Remove unused os/alarm.h include from loader 2017-10-19 13:29:41 +02:00
Martin Stein
df71e02ef6 alarm: fix bug in _setup_alarm
We did not set the correct now_period previously but it wasn't conspicuous
because the bug triggered not before a full period had passed which on most
platforms is a pretty long time.

Ref #2490
2017-10-19 13:29:41 +02:00
Christian Helmuth
28004bc9e6 timer: limit rate of handling timeouts
Ensure that the timer does not handle timeouts again within 1000
microseconds after the last handling of timeouts. This makes denial of
service attacks harder. This commit does not limit the rate of timeout
signals handled inside the timer but it causes the timer to do it less
often. If a client continuously installs a very small timeout at the
timer it still causes a signal to be submitted to the timer each time
and some extra CPU time to be spent in the internal handling method. But
only every 1000 microseconds this internal handling causes user timeouts
to trigger.

If we would want to limit also the call of the internal handling method
to ensure that CPU time is spent beside the RPCs only every 1000
microseconds, things would get more complex. For instance, on NOVA
Time_source::schedule_timeout(0) must be called each time a new timeout
gets installed and becomes head of the scheduling queue. We cannot
simply overwrite the already running timeout with the new one.

Ref #2490
2017-10-05 17:40:05 +02:00
Emery Hemingway
a67d24e509 import chroot from world repository
Fix #2529
2017-10-05 17:40:04 +02:00
Sebastian Sumpf
754d1bd4a3 usb_report_filter: check device ds
Make sure we actually can report devices on USB driver device updates.

related to #2527
2017-10-05 17:40:04 +02:00
Norman Feske
6d361b337b input/root.h: support re-opening of sessions
This patch fixes an aliasing problem of the 'close' method signature
that prevented the Input::Root_component::close method to be called.
This way, the event-queue state was not reset at session-close time,
which prevented a subsequent session-creation request to succeed. With
the patch, input servers like ps2_drv, usb_drv that rely on the
Input::Root_component support the dynamic re-opening of sessions. This
happens in particular when using a dynamically configured input filter.
2017-10-05 17:40:03 +02:00
Norman Feske
86656517e3 nitpicker: reset background if backdrop vanishes
Fixes #3
2017-10-05 17:40:03 +02:00
Josef Söntgen
e1ada57bfa vfs: use unsigned 64bit for media size ioctl
Fixes #2523.
2017-10-05 17:40:02 +02:00
Martin Stein
3f37a12e2d timer connection: fix mixing of time sources
We update the alarm-scheduler time with results of
Timer::Connection::curr_time when we schedule new timeouts but when
handling the signal from the Timer server we updated the alarm-scheduler
time with the result of Timer::Connection::elapsed_us.  Mixing times
like this could cause a non-monotone time value in the alarm scheduler.
The alarm scheduler then thought that the time value wrapped and
triggered all timeouts immediately. The problem was fixed by always
using Timer::Connection::curr_time as time source.

Ref #2490
2017-10-05 17:40:02 +02:00
Norman Feske
dae563725b drivers_interactive-pc: increase key-repeat rate 2017-10-05 17:40:02 +02:00
Alexander Boettcher
1cc09ac786 platform_drv: transfer of quota to device_pd
Issue #2507
2017-10-05 17:40:00 +02:00
Sebastian Sumpf
ff800af820 ahci: make port enumeration independent from port count
fixes #2522
2017-10-05 17:40:00 +02:00
Norman Feske
6fcf95d536 terminal: cursor-key handling w/o set key layout
This patch applies the handling of cursor keys, function keys, and page
up/down keys even if no keymap is defined. This is the case when using
the terminal with character events produced by the input filter.
2017-10-05 17:39:59 +02:00
Norman Feske
47b7ce5149 depot: recipe for rtc_drv,top 2017-10-05 17:39:58 +02:00
Norman Feske
d8861262b2 depot: recipe for cpu_load_display 2017-10-05 17:39:58 +02:00
Norman Feske
f10af1cc57 depot: recipe for src/xray_trigger 2017-10-05 17:39:58 +02:00
Norman Feske
070aa62f92 depot: recipes for file_terminal, terminal_log 2017-10-05 17:39:58 +02:00
Norman Feske
d9d32847b1 xray_trigger: make initial state configurable 2017-10-05 17:39:57 +02:00
Martin Stein
d62c3117de run/timeout: test if maximum timeouts trigger bugs
Create periodic and one-shot timeouts with the maximum duration
to see if triggers any corner-case bugs. They must not trigger during
the test.

Ref #2490
2017-10-05 17:39:57 +02:00
Martin Stein
8fd914c6ab timeout: fix outdated time in alarm scheduler
If we add an absolute timeout to the back-end alarm-scheduler we must first
call 'handle' at the scheduler to update its internal time value.
Otherwise, it might happen that we add a timeout who's deadline is so big that
it normally belongs to the next time-counter period but the scheduler thinks
that it belongs to the current period as its time is older than the one used
to calculate the deadline.

Ref #2490
2017-10-05 17:39:56 +02:00
Martin Stein
2633ff8661 alarm: fix information loss due to int-cast
When we have two time values of an unsigned integer type and we create
the difference and want to know wether it is positive or negative within
the same value we loose at least one half of the value range for casting
to signed integers. This was the case in the alarm scheduler when
checking wether an alarm already triggered. Even worse, we casted from
'unsigned long' to 'signed int' which caused further loss on at least
x86_64. Thus, big timeouts like ~0UL falsely triggered directly.

Now, we use an extra boolean value to remember in which period of the
time counter we are and to which period of the time counter the deadline
of an alarm belongs. This boolean switches its value each time the time
counter wraps. This way, we can avoid any casting by checking wether the
current time is of the same period as the deadline of the alarm that we
inspect. If so, the alarm is pending if "current time >= alarm
deadline", otherwise it is pending if "current time < alarm deadline".

Ref #2490
2017-10-05 17:39:56 +02:00
Sebastian Sumpf
a932fc2e5a depot: recipe for rump/file_system
Ref #2446
2017-10-05 17:39:56 +02:00
Martin Stein
4fa0cb5c29 timer pit: handle and display bad latency
If the PIT timer driver gets activated too slow (e.g. because of a bad priority
configuration), it might miss counter wraps and would than produce sudden time
jumps. The driver now detects this problem dynamically, warns about it and
adapts the affected values to avoid time jumps.

Ref #2400
2017-10-05 17:39:55 +02:00
Emery Hemingway
488396e78b server/vfs: status completes or throw Invalid_handle
The 'status' RPC method of the File_system session must complete
successfully or throw 'Invalid_handle' for any error.

Ref #2512
2017-10-05 17:39:55 +02:00
Martin Stein
82c763fe75 nic_router: provide link state
The NIC router always reports the link state "Up" (true) because
the effective link state depends on the targeted remote interface
and thus on the individual routing for each packet. Consequently,
also the signal handler for state changes gets ignored.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
a1e32a3ad9 nic_router: use local but individual MAC addresses
IP stacks may treat a network interface as "down" when it states a MAC
address with the I/G bit (bit 40) set to "Group" (value 0) instead of
"Individual" (value 1). This was observed with a TinyCore 8 inside a
Virtualbox VM. Thus, the previously choosen 03:03:03:03:03:00 as base
for the MAC address allocator is bad. Now we use the 02:02:02:02:02:00
instead. This also ensures that the MAC addresses are not marked as
"Universal" but as "Local" (bit 41, value 1) which is correct in general
as the router allocates MAC addresses only for virtual networks.

Ref #2490
2017-09-07 11:47:15 +02:00
Martin Stein
68cd5e8004 nic_router & timer* tests: prioritize timer driver
The timer driver should always be of the highest priority to avoid
problem with timers that have low max-counter values like the PIT
with only 53 ms.

Ref #2400
2017-09-07 11:47:15 +02:00
Christian Helmuth
2ed904faab depot: update recipe hashes 2017-08-30 12:41:43 +02:00
Martin Stein
b531a862bb nic_dump: link state and mac address
The NIC dump component didn't support forwarding of link states and link-state
signals until now. Furthermore, it now prints MAC address and link state
on session creation and on every link state change.

Ref #2490
2017-08-30 10:01:36 +02:00
Martin Stein
84ad50b527 nic_dump: synchronize down/uplink creation
Previously, the uplink session was created on component startup while the
creation of the downlink session is timed by the client component. This
created a time span in which packets from the uplink were dropped at the
nic_dump. Now the uplink session-request is done by the session component
of the downlink.

Ref #2490
2017-08-30 10:01:35 +02:00
Alexander Boettcher
4c382d85b2 sel4: adjust cap ram quota of fault_detection.run 2017-08-30 10:00:01 +02:00
Martin Stein
12eb7a44d0 x86 timeout test: consider instable tsc (quickfix)
This is a quickfix to avoid testing microseconds precise time on older x86
machines that have no invariant TSC as interpolation source.

Ref #2400
2017-08-30 10:00:01 +02:00
Christian Helmuth
ae0c9e7692 Increase cap quota for usb_drv 2017-08-30 10:00:00 +02:00
Josef Söntgen
198019edca os: add Gpu driver for Intel Gen8 HD graphics
This commit introduces a experimental 3D driver for Intel Gen8 HD
graphics devices as well as the corresponding Gpu session.

Fixes #2507.
2017-08-30 09:59:57 +02:00
Alexander Boettcher
830f6934f9 base: add support to unconstrain virtual space
Issue #2507.
2017-08-30 09:59:57 +02:00
Emery Hemingway
1fce8d0d74 default ahci_drv and part_blk Block sessions to read-only
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.

Fix #2469
2017-08-28 16:49:51 +02:00
Martin Stein
d9073a1848 timer/util: generic TIMER_MIN_TICKS_PER_MS
Ref #2400
2017-08-28 16:49:50 +02:00
Martin Stein
ffaf99ae86 timeout test: remove error-limit exception for PIT
The problems with the PIT timer drivers were fixed so it is not necessary
anymore to treat them special.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
399e1586be timer: generic timer_ticks_to_us implementation
There are hardware timers whose frequency can't be expressed as
ticks-per-microsecond integer-value because only a ticks-per-millisecond
integer-value is precise enough. We don't want to use expensive
floating-point values here but nonetheless want to translate from ticks
to time with microseconds precision. Thus, we split the input in two and
translate both parts separately. This way, we can raise precision by
shifting the values to their optimal bit position. Afterwards, the results
are shifted back and merged together again.

As this algorithm is not so trivial anymore and used by at least three
timer drivers (base-hw/x86_64, base-hw/cortex_a9, timer/pit), move it to a
generic header to avoid redundancy.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
652187b25e timer pit: fix precision reduction to milliseconds
Due to the simplicity of the algorithm that translated from timer ticks
to time, we lost microseconds precision although the timer allows for it.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
02bbb2efaf test/timeout: use elapsed_us instead of elapsed_ms
Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
22294d3b18 timer connection: fix division by null
When synchronizing with the remote time source, we have to take care that the
measured time difference cannot become null because its real value is smaller
than the measurement granularity. Since the granularity is one microsecond, we
simply go on polling timestamp and time until the microsecond has passed.
This busy waiting should be no problem for the system for two reasons. First,
it is limited to a relatively small amount of time and second, a busy lock
does not happen because the time source that is responsible for the limiting
factor is explicitely called on each poll.

Ref #2400
2017-08-28 16:49:49 +02:00
Alexander Boettcher
7a006ccf50 uefi: adjust framebuffer.run to use fb_boot_drv
Issue #2242
2017-08-28 16:49:47 +02:00
Johannes Kliemann
c509cabdba os: fix fb_boot_drv framebuffer padding
Fixes #2486
2017-08-28 16:49:45 +02:00
Emery Hemingway
90eaad6cc2 depot recipe for blk_cache
Ref #2460
2017-08-28 16:49:44 +02:00
Sebastian Sumpf
66db2ee54e libports: Mesa 11.2.2
OpenGL 4.5 with software and i965 rendering back ends.

issue #2488
2017-08-28 16:49:43 +02:00
Norman Feske
cb72784717 os: add template specialization for alpha pixel
The specialization is needed for applying anti-aliased drawing
operations on alpha channels.
2017-08-28 16:49:39 +02:00
Christian Prochaska
b0935ef9b2 VFS: nonblocking interface
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.

For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.

The most important changes are:

- Directories are created and opened with the 'opendir()' function and the
  directory entries are read with the recently introduced 'queue_read()'
  and 'complete_read()' functions.

- Symbolic links are created and opened with the 'openlink()' function and
  the link target is read with the 'queue_read()' and 'complete_read()'
  functions and written with the 'write()' function.

- The 'write()' function does not wait for signals anymore. This can have
  the effect that data written by a VFS library user has not been
  processed by a file system server yet when the library user asks for the
  size of the file or closes it (both done with RPC functions at the file
  system server). For this reason, a user of the VFS library should
  request synchronization before calling 'stat()' or 'close()'. To make
  sure that a file system server has processed all write request packets
  which a client submitted before the synchronization request,
  synchronization is now requested at the file system server with a
  synchronization packet instead of an RPC function. Because of this
  change, the synchronization interface of the VFS library is now split
  into 'queue_sync()' and 'complete_sync()' functions.

Fixes #2399
2017-08-28 16:49:38 +02:00
Norman Feske
8312950e2f gems: app/depot_query 2017-08-28 16:49:38 +02:00
Norman Feske
c8b2222485 depot: add pkg/test-fs_report 2017-08-28 16:49:38 +02:00
Norman Feske
a4b543bc80 init: avoid repeated config XML parsing 2017-08-28 16:49:37 +02:00
Norman Feske
bfbe5128cd tar_rom: minor documentation fix 2017-08-28 16:49:37 +02:00
Norman Feske
6184a27619 init: defer forwarded session requests when needed
This patch changes init's service forwarding such that pending requests
are kept unanswered as long as the requested service is not present
(yet). In dynamic-init scenarios, this is needed in situtions where the
dynamic init is known to eventually provide the service but the internal
subsystem is not ready yet. Previously, a client that attempted to
request a session in this early phase would get a 'Service_denied'
exception. By deferring the forwarding in this situation, the behaviour
becomes deterministic.

If a matching '<service>' exists but there is no matching policy sub
node, the request is answered with 'Service_denied' - as expected.
2017-08-28 16:49:37 +02:00
Martin Stein
c0c0d8c600 nic_router: error if uplink domain not configured
Ref #2490
2017-08-28 16:49:36 +02:00
Martin Stein
96c7f8d53f init: be aware of abandoned any-child routes
Previously, init did not test if a service is abandoned on a new
configuration if the service was routed via an any-child route.

Fixes #2483
2017-08-28 16:49:35 +02:00
Martin Stein
9476f3f645 run/init: test abandoned any-child routes
Currently, init does not test wether a service is abandoned on a new
configuration if the service was routed via an any-child route. Trigger
this behaviour in the init test.

Ref #2483
2017-08-28 16:49:35 +02:00
Martin Stein
b6efa7f6f9 timer connection: fast initial calibration
The calibration of the interpolation parameters was previously only done
periodically every 500 ms. Together with the fact that the parameters
had to be stable for at least 3 calibration steps to enable
interpolation, it took at least 1.5 seconds after establishing a
connection to get microseconds-precise time values.

This is a problem for some drivers that directly start to poll time.
Thus, the timer connection now does a calibration burst as soon as it
switches to the modern mode (the mode with microseconds precision).
During this phase it does several (currently 9) calibration steps
without a delay inbetween. It is assumed that this is fast enough to not
get interrupted by scheduling. Thus, despite being small, the measured
values should be very stable which is why the burst should in most cases
be sufficient to get the interpolation initialized.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
adaad64fbb timer connection: relax factor shifting
When in modern mode (with local time interpolation), the timer
connection used to maximize the left shifting of its
timestamp-to-microseconds factor. The higher the shift the more precise
is the translation from timestamps to microseconds. If the timestamp
values used for determining the best shift were small - i.e.  the delay
between the calibration steps were small - we may got a pretty big
shift.  If we then used the shift with bigger timestamp values - i.e.
called curr_time seldom or raised calibration delays - the big shift
value became a problem. The framework had to scale down all measured
timestamps and time values temporarily to stay operative until the next
calibration step.

Thus, we now raise the shift only that much that the resulting factor
fullfills a given minimum. This keeps it as low as possible according
to the precision requirement. Currently, this requirement is set to 8
meaning that the shifted factor shall be at least 2^8 = 256.

Ref #2400
2017-08-23 14:08:37 +02:00
Martin Stein
6dfb903bd0 timer connection: always work with microseconds
As the timer session now provides a method 'elapsed_us', there is no more need
for doing any internal calculations with values of milliseconds.

Ref #2400
2017-08-23 14:08:36 +02:00
Martin Stein
8750e373a0 timer session: add elapsed_us method
As timer sessions are not expected to be microseconds precise (because
of RPC latency and scheduling), the session interface provided only a
method 'elapsed_ms' although the back end of this method in the timer
driver works with microseconds.

However, in some cases it makes sense to have a method 'elapsed_us'. The
values it returns might be milliseconds away from the "real" time but it
allows you to work with delays smaller than a millisecond without
getting a zero delta value.

This commit is motivated by the need for fast bursts of calibration
steps for the time interpolation in the new timer connection.

Ref #2400
2017-08-23 14:08:36 +02:00
Christian Helmuth
8b073f46df depot: update recipe hashes 2017-08-18 10:25:28 +02:00
Alexander Boettcher
4020766105 sel4: adapt timeouts of run scripts
Issue #2451
2017-08-18 10:24:47 +02:00
Alexander Boettcher
69e71147ef platform_drv: replace nova specific device_pd
by using generic Pd_session::map instead for eager memory mappings of DMA
memory.

Issue #2209
2017-08-18 10:24:47 +02:00
Emery Hemingway
5f35175644 app/sequence: execute components in sequence
Fix #2476
2017-08-18 10:24:46 +02:00
Emery Hemingway
ad6c94bb09 input_filter character mapping rules for the Workman layout
http://workmanlayout.org/

Fix #2473
2017-08-17 11:04:23 +02:00
Emery Hemingway
2deddf1e6d Check for symlink target length errors
Check for symlink length errors at the VFS library and the ram_fs and
vfs servers.

Fix #2462
2017-08-17 11:04:21 +02:00
Emery Hemingway
cfdac3f4c3 ram_fs: check symlink writes for termination bytes
Ref #2461
2017-08-17 11:04:21 +02:00
Alexander Boettcher
da5441292a sel4: add Wandboard Quad (iMX6) support
Issue #2451
2017-08-17 11:04:21 +02:00
Alexander Boettcher
782b457476 wand_quad: re-enable i.MX6 EPIT user level timer
Issue #2451
2017-08-17 11:04:21 +02:00
Alexander Boettcher
66c0c7b6f1 sel4: add x86_64 support
Issue #2451
2017-08-17 11:04:20 +02:00
Norman Feske
e31806d4e6 dde_rump: fix rump_iso test
The run script did not consider the routing for the environment ROM
sessions for the test-iso component. It routed all ROM sessions -
including the ones for the executable and the dynamic linker - to
fs_rom. The patch also adds the cap quota definitions required since
version 17.05 and fixes a whitespace inconsistency between the test
program and the run script.

Thanks to Steven Harp for reporting!
2017-08-17 11:04:20 +02:00
Christian Helmuth
e5f0dae598 terminal_log: carriage-return on newline
This is expected by hardware terminals, ie., terminal programs connected
to null-modem serial connections. Otherwise, the next line starts at the
column right after the last line.
2017-08-17 11:04:20 +02:00
Emery Hemingway
e2c1ea04ea depot: recipes for src/ram_blk, src/vfs
Ref #2446
2017-08-17 11:04:19 +02:00
Alexander Boettcher
95329c82e2 sel4: update to 5.2.0
Issue #2451
2017-08-17 11:04:19 +02:00
Christian Helmuth
145011b420 sd_card_drv: prevent deprecated warnings 2017-08-17 11:04:18 +02:00
Norman Feske
18cea099f0 depot: recipes for ahci, fs_rom, ram_fs, usb_block 2017-08-17 10:59:44 +02:00
Alexander Boettcher
24875c0ea8 platform_drv: add report about available pci devices
Issue #1359
2017-08-17 10:59:44 +02:00
Norman Feske
7d12d7a78f fs_report.run: replace test with dedicated program
The new version of the test exercises the combination of fs_report with
ram_fs and fs_rom as a more flexible alternative to report_rom.

It covers two corner cases that remained unaddressed by fs_rom and
ram_fs so far: First, the late installation of a ROM-update signal
handler at fs_rom right before the content of the file is modified.
Second, the case where the requested file is not present on the file
system at the creation time of the ROM session. Here, the ram_fs missed
to inform listeners for the compound directory about the later created
file.
2017-08-17 10:59:43 +02:00
Norman Feske
d649451c3d fs_rom: trigger deferred ROM-update signal
This patch ensures that fs_rom delivers a ROM-update notification in the
case where the underlying file was changed in-between requesting the
initial ROM content and registering the signal handler.
2017-08-17 10:59:43 +02:00
Norman Feske
bfcdab6079 fs_rom: make read-packet handling more robust
With the introduction of the CONTENT_CHANGED notifications delivered via
the packet stream, the assumption that no more than one READ packet is
in flight at all times does no longer hold. If the fs server responds
to a CONTENT_CHANGED packet while the fs_rom expects the completion of a
read request, the '_update_dataspace' method would prematurely return,
leaving the dataspace unpopulated. This patch solves the problem by
specifically waiting for the completion of the read request.
2017-08-17 10:59:43 +02:00
Norman Feske
0b580628cf file system: track content via version counter
This makes the delivery of CONTENT_CHANGED responses more robust.
2017-08-17 10:59:43 +02:00
Christian Prochaska
6a43f3c11a file system: use Id_space instead of Node_handle_registry
Fixes #2436
2017-08-17 10:59:43 +02:00
Norman Feske
0d1be4abe2 depot: update recipe hashes 2017-06-29 12:00:04 +02:00
Christian Helmuth
78f1fd29f7 Translate buffer-exceeded exception in Session_requester
Session_requester inherits from Dynamic_rom_session::Content_producer
which specifies the Buffer_capacity_exceeded exception which is thrown
on insufficient buffer space.
2017-06-29 12:00:03 +02:00
Norman Feske
a9da97bc4a init.run: lower timing sensitivity
Instead of relying on init's delayed reporting, we explicitly force init
to produce a new report with the up-to-date child-RAM information.
2017-06-29 12:00:03 +02:00
Norman Feske
ce01fd5321 depot: update drivers_interactive-pbxa9 to 17.05
With this commit, the wm.run script works for the pbxa9 platform when
using the base-hw kernel.
2017-06-29 12:00:02 +02:00
Norman Feske
4b862cb047 depot: fix src/pbxa9_drivers recipe
This is a follow-up commit to "os: move private declarations to driver
target".
2017-06-29 12:00:02 +02:00
Martin Stein
67fc1ec42b timeout test: prioritize timer driver over test
Ref #2400
2017-06-29 12:00:00 +02:00
Martin Stein
8d2ee6d040 timer okl4: remove deprecated const_cast
Ref #2400
2017-06-29 12:00:00 +02:00
Martin Stein
61f59818d3 pit/fiasco timeout: raise time error tolerance
On platforms that use the PIT timer driver, 'elapsed_ms' is pretty
inprecise/unsteady (up to 3 ms deviation) for a reason that is not
clearly determined yet. On Fiasco and Fiasco.OC, that use kernel timing,
it is the same. So, on these platforms, our locally interpolated time
seems to be fine but the reference time is bad. Until this is fixed, we
raise the error tolerance for these platforms in the run script.

Ref #2400
2017-06-29 11:59:59 +02:00
Christian Helmuth
82af06a42a sd_card: enable wand_quad/imx6 again 2017-06-29 11:59:58 +02:00
Christian Helmuth
ad824cea11 sd_card: cleanup driver library structure
Now both, the sd_card_drv and sd_card_bench use LIBS=sd_card_drv.
2017-06-29 11:59:58 +02:00
Emery Hemingway
73eb7a52a0 server/fs_report: do not append '.report to file names
Appending a suffix to report filenames was behavior inherited from
fs_log, it prevents creating files where directories need to be created
later. But unlike logs, only a subset of the hierarchy will report and
those that do append a component-local label, so the risk of collision
is low.

By removing the suffix fs_rom can serve reports back as ROM just as
report_rom does.

Ref #2422
2017-06-29 11:59:56 +02:00
Christian Prochaska
04f82721b1 fs_rom_update.run: add capability quota
Fixes #2453
2017-06-29 11:59:54 +02:00
Martin Stein
9b1c26ab7f timeout lib: dynamic interpolation-factor shift
In the timeout framework, we maintain a translation factor value to
translate between time and timestamps. To raise precision we scale-up
the factor when we calculate it and scale-down the result of its
appliance later again. This up and down scaling is achieved through
left and right shifting. Until now, the shift width was statically
choosen. However, some platforms need a big shift width and others a
smaller one. The one static shift width couldn't cover all platforms
which caused overflows or precision problems.

Now, the shift width is choosen optimally for the actual translation
factor each time it gets re-calculated. This way, we can take care that
the shift always renders the best precision level without the risk for
overflows.

Ref #2400
2017-06-29 11:59:54 +02:00
Martin Stein
99d971f348 timeout test: result buffer as struct
The result-buffer related members of the fast polling test are
the same for each buffered result type. Thus, we can make the
code easier by providing them through a struct.

Ref #2400
2017-06-29 11:59:53 +02:00
Norman Feske
c7b739cc61 bomb.run: define resource preservation for init
This patch increases init's preserved RAM and capability quota to
account for a current limitation of init with respect to the creation of
sessions to parent services:

In contrast to regular routed services, sessions to parent services are
created via 'Env::session'. The implementation of 'Env::session'
automatically upgrades session quotas on demand, which is the desired
behavior for regular 'Connection' objects. However, for sessions
established on the behalf of init's children, we would need to reflect
the error condition to the child instead of resolving it locally within
init (by subsidizing the session with init's quota). This patch leaves
this issue unresolved but fixes the symptom for the bomb test. It is
meant as an interim solution until the handling of parent sessions is
revised.
2017-06-29 11:59:53 +02:00
Norman Feske
5566aa0f94 bomb test: consider preserved PD session quota
This is an adaptation to the commit "core: prevent transfer of static PD
session quota".
2017-06-29 11:59:52 +02:00
Johannes Kliemann
1205607e78 os: add framebuffer based on platform_info of core
Issue #2242
2017-06-29 11:59:51 +02:00
Alexander Boettcher
04b2919a1a acpi_drv: use platform_info for rsdt/xsdt lookup
Issue #2242
2017-06-29 11:59:50 +02:00
Martin Stein
5fec4a2166 timeout test: raise error tolerance on nova + qemu
On QEMU, NOVA uses the pretty unstable TSC emulation as primary time
source. Thus, timeouts do not trigger with the common precision (< 50
ms). Use an error tolerance of 200 ms for this platform constellation.

Ref #2400
2017-06-29 11:59:49 +02:00
Josef Söntgen
8f577e9d25 usb: use if-else in packet_handler
Apparently this construct leads to a compiler errors like

  error: second operand to the conditional operator is of type ‘void’, but
  the third operand is neither a throw-expression nor of type ‘void’
2017-06-19 12:35:57 +02:00
Martin Stein
745fa4fd67 timeout test: improve documentation
Ref #2400
2017-06-19 12:35:56 +02:00
Martin Stein
71fd2b4cde timeout test: consider time shift between sessions
The fast polling test uses one timer session for raw 'elapsed_ms' calls
and another one for potentially interpolated 'curr_time' calls. It then
compares the two results against each other. However, until now, the
test did not consider that the duration of the session construction may
create a remarkable shift between the local times of the two sessions.
This shift is now determined and compensated before doing any
comparison.

Ref #2400
2017-06-19 12:35:56 +02:00
Christian Helmuth
ba9ef7fdee foc: use slab for meta-data in RPC cap factory 2017-06-19 12:35:56 +02:00
Christian Helmuth
c16288bcde timer/foc: use current KIP-clock API
This prevents L4_DEPRECATED warnings.
2017-06-19 12:35:55 +02:00
Martin Stein
1ea745ca2e signal test: do not test multiple handlers
The multiple-handlers test was checking if handlers at one signal were
activated in a fair manner. But on Qemu, the error tolerance of one was
too small in rare cases (2 of 100 runs). However, having multiple
handlers for the same signal context can be considered deprecated
anyway. With the recommended Signal_handler wrapper for signal sessions,
you can't use this feature. Thus, we removed the multiple-handlers test.

Fixes #2450
2017-06-19 12:35:55 +02:00
Christian Prochaska
a1b1525ec1 lx_fs: handle errors on mkdir correctly
Fixes #2444
2017-06-19 12:35:55 +02:00
Emery Hemingway
47c616ab94 server/fs_report: write reports to file-systems
Fix #2422
2017-06-19 12:35:54 +02:00
Emery Hemingway
1eb37fbe22 VFS: move 'sync' from 'File_system' to 'Directory_service'
The the parent 'Directory_service' interface is reachable from
'Vfs_handle', whereas the 'File_system' interface is not.

Fix #2437
Ref #2422
2017-06-12 14:32:07 +02:00
Emery Hemingway
1838fb4773 vfs/ram: check parent directory on file creation
Fix #2443
2017-06-12 12:44:23 +02:00
Alexander Boettcher
0523736ce4 acpi: limit device scope paths
Fixes #2371
2017-06-08 11:32:39 +02:00
Martin Stein
b8e2253e5f timeout: fix bug in interpolation
We incorrectly used 'unsigned long' (which is 32 or 64 bit depending on
the CPU architecture) for a timestamp (which is always 64 bit) in the
timer-connection implementation.

Ref #2435
2017-06-06 13:01:43 +02:00
Martin Stein
23337eb6e7 run/timeout: run also on arm w/o hw and qemu
On platforms were we do not have local time interpolation we can simply
skip the first test stage in the timeout test. This way, we can at least
test the rest.

Fixes #2435
2017-05-31 17:50:28 +02:00
Martin Stein
685f509a43 timer connection: no interpolation on arm w/o hw
On ARM, we do not have a component-local hardware time-source. The ARM
performance counter has no reliable frequency as the ARM idle command
halts the counter. Thus, we do not do local time interpolation on ARM.
Except we're on the HW kernel. In this case we can read out the kernel
time instead.

Ref #2435
2017-05-31 17:50:28 +02:00
Christian Helmuth
892ede515f depot: update recipe hashes 2017-05-31 16:18:01 +02:00
Christian Helmuth
67e33d3948 depot: adjust cap quotas in drivers_interactive_pc (64-bit) 2017-05-31 16:18:01 +02:00
Norman Feske
1e8689bafe depot: adjust cap quotas in drivers_interactive_pc 2017-05-31 13:16:25 +02:00
Norman Feske
7bb8e332a9 depot: adjust base recipe to removed headers
This patch updates the recipes for the base-<kernel> archives to the
recently removed os/config.h and os/timeout.h headers.
2017-05-31 13:16:25 +02:00
Sebastian Sumpf
c3cf7f3c3a riscv: ISA-1.9.1 and GCC-6.3.0 adaptions
Adds 1.9.1 support to base-hw

Note:
* the kernel timer is not working
* dynamic linking is currently not supported
2017-05-31 13:16:24 +02:00
Christian Prochaska
697f179e21 ram_fs: acknowledge packet in error case
Fixes #2434
2017-05-31 13:16:24 +02:00
Christian Helmuth
8bd0efced6 Remove obsolete RAM/CAP services from run scripts
Adapted launchpad and also the rm_fault and resource_request tests.

Issue #2407
2017-05-31 13:16:22 +02:00
Stefan Kalkowski
632ef28463 os: removal of deprecated os/config.h (fix #2431) 2017-05-31 13:16:22 +02:00
Emery Hemingway
16be05e530 Optional session label for Rtc connection constructor
Ref #2410
2017-05-31 13:16:22 +02:00
Christian Helmuth
febfb3bfe6 Fix source file location in RPi GPIO driver
The explicit relative location of the file instructed both target builds
to generate ../main.o which gloriously fails with parallel builds. The
produced range of error messages was astonishing ranging from "file
truncated" to "TLS reference in ../main.o mismatches non-TLS reference
in ../main.o".
2017-05-31 13:16:21 +02:00
Norman Feske
adb26b5216 API documentation refinements 2017-05-31 13:16:21 +02:00
Christian Helmuth
3c785a4ffb init: use service name from session class
Fixes issue with RAM constrains no longer effective.
2017-05-31 13:16:21 +02:00
Christian Helmuth
b37f411c3f ahci: optionally report discovered devices
Issue #2417
2017-05-31 13:16:20 +02:00
Christian Prochaska
16deaa9a72 timed_semaphore: fix deprecated warning
Fixes #2429
2017-05-31 13:16:19 +02:00
Stefan Kalkowski
0fb672b493 run: use default Qemu memory size for x86
Fix #2428
2017-05-31 13:16:19 +02:00
Emery Hemingway
25ec021fee server/vfs: ignore invalid handles at close()
Ref #2410
2017-05-31 13:16:18 +02:00
Christian Helmuth
923b3ec54d part_blk: prevent deprecated warning 2017-05-31 13:16:18 +02:00
Boris Mulder
d094ff995f part_blk: added optional partitions report 2017-05-31 13:16:16 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
3fc2a798b2 init: heuristics for DMA buffer allocations
If a child is allowed to constrain physical memory allocations but left
the 'phys_start' and 'phys_size' session arguments blank, init applies
builtin constraints for allocating DMA buffers.

The only component that makes use of the physical-memory constraint
feature is the platform driver. Since the built-in heuristics are
applied to the platform driver's environment RAM session, all
allocations performed by the platform driver satisfy the DMA
constraints.

To justify building-in these heuristics into init as opposed to
supplying the values as configuration arguments, the values differ
between 32 and 64 bit. The configuration approach would raise the need
to differentiate init configurations for both cases, which are
completely identical otherwise.

Issue #2407
2017-05-31 13:16:13 +02:00
Alexander Boettcher
420b66a1f0 platform_drv: remove usage of ram_connection
This commit removes support for limitation of RAM allocations from the
platform_drv. A subsequent commit adds this feature to init.

Issue #2398
Issue #2407
2017-05-31 13:16:13 +02:00
Norman Feske
71efb59873 terminal: add Cell_array destructor
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
2017-05-31 13:16:12 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Christian Helmuth
307dd5768c Test for part_blk with GPT
Issue #1576
2017-05-31 13:16:11 +02:00
Christian Helmuth
03a1008f2e Use parted in part_blk test
Fixes #1576
2017-05-31 13:16:10 +02:00
Christian Helmuth
fd893a4f9b part_blk: support CHS and LBA extended partitions
Issue #1576
2017-05-31 13:16:10 +02:00
Stefan Kalkowski
9b350e7706 os: move private declarations to driver target
Ref #2403
2017-05-31 13:16:09 +02:00
Emery Hemingway
eaeb77a867 drivers/nic/linux: replace Thread_deprecated
Ref #1987
2017-05-31 13:16:09 +02:00
Stefan Kalkowski
10e2e223cd foc: remove obsolete features (ref #2405)
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
2017-05-31 13:16:08 +02:00
Christian Helmuth
24a0810cbc trace: disable out-of-metadata test step 2017-05-31 13:16:08 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
773e08976d Assign cap quotas in run scripts and recipes
Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
e44f65f3b2 core: RAM service based on 'Session_object'
This patch reworks the implementation of core's RAM service to make use
of the 'Session_object' and to remove the distinction between the
"metadata" quota and the managed RAM quota. With the new implementation,
the session implicitly allocates its metadata from its own account. So
there is not need to handle 'Out_of_metadata' and 'Quota_exceeded' via
different exceptions. Instead, the new version solely uses the
'Out_of_ram' exception.

Furthermore, the 'Allocator::Out_of_memory' exception has become an alias
for 'Out_of_ram', which simplifies the error handling.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
aea5d03691 base: add Child_policy::Route::Diag flag
The 'diag' flag can be defined by a target node of a route in init's
configuration. It is propagated as session argument to the server, which
may evaluate the flag to enable diagnostic output for the corresponding
session.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
3670f7735d base: use 'Quota_transfer::Account' for 'Service'
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.

Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.

With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.

Issue #2398
2017-05-31 13:16:06 +02:00
Norman Feske
f02c8328db init: access Ram_session as const
This is now possible because the new 'used_ram' and 'ram_quota' RPC
functions are declared as const.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00
Norman Feske
843dd179d7 base: remove int return types from 'Ram_session'
This patch replaces the existing C-style error codes with C++
exceptions.

Fixes #895
2017-05-31 13:16:04 +02:00
Norman Feske
58f44d39c5 base: use 'Ram_quota' in 'Ram_session' args
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
ff68d77c7d base: new 'Ram_allocator' interface
The 'Ram_allocator' interface contains the subset of the RAM session
interface that is needed to satisfy the needs of the 'Heap' and
'Sliced_heap'. Its small size makes it ideal for intercepting memory
allocations as done by the new 'Constrained_ram_allocator' wrapper
class, which is meant to replace the existing 'base/allocator_guard.h'
and 'os/ram_session_guard.h'.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
5a468919bb base: new session-creation helper types
This patch augments the existing session/session.h with useful types for
the session creation:

* The new 'Insufficient_ram_quota' and 'Insufficient_cap_quota'
  exceptions are meant to supersede the old 'Quota_exceeded' exception
  of the 'Parent' and 'Root' interfaces.

* The 'Session::Resources' struct subsumes the information about the
  session quota provided by the client.

* The boolean 'Session::Diag' type will allow sessions to operate in a
  diagnostic mode.

* The existing 'Session_label' is not also available under the alias
  'Session::Label'.

* A few helper functions ease the extraction of typed session arguments
  from the session-argument string.

Issue #2398
2017-05-31 13:16:04 +02:00
Norman Feske
c1b981ede4 Annotate session interfaces with CAP_QUOTA
The new 'CAP_QUOTA' enum value denotes the capability quota to be
transferred from the client to the server at session-creation time.

Issue #2398
2017-05-31 13:16:04 +02:00
Emery Hemingway
f7d80a9bf9 drivers/ahci: clean exit when no controllers are found
Fix #2402
2017-05-31 13:16:02 +02:00
Christian Helmuth
1828f70037 Fix deprecated warnings in servers
Issue #1987
2017-05-31 13:16:02 +02:00
Emery Hemingway
24a9537a27 File_system: replace per-handle signals with notification packets
Replace registration and signaling of per-handle signal capabilities
with CONTENT_CHANGED notification packets.

Fix #2397
2017-05-31 13:16:01 +02:00
Emery Hemingway
29b3fff5eb app/rom_to_file: catch Node_already_exists and overwrite files
Ref #1934
2017-05-31 13:16:01 +02:00