* Supply Env to Input::Session_component
* Attach input event dataspace at Input::Client
* Process input events by lambda rather than pointer
* Supply Env and a label to Input::Connection
* Wm serves valid input_session to decorator
* Per-source signal handling at input_merger
* Base API update for dummy_input_drv, test_input
* Input API update for launcher, menu_view, terminal,
mupdf, sdl, seoul, virtualbox
Ref #1987
This patch makes the build-system integration of noux packages usable
for non-Noux targets. It moves the GNU build system wrapper to
ports/mk/gnu_build.mk, which is now included by noux.mk. This way,
non-noux applications can use the same build-system wrapper. So the
porting of individual applications becomes easier.
This change removes the 'NOUX_' prefix use the various build variables
used by the noux-pkg's target.mk files to steer the behaviour of the GNU
build system. E.g., NOUX_CONFIGURE_ARGS is now called CONFIGURE_ARGS.
Note that there is a single exception to this pattern: The formerly
named NOUX_LIBS is now called LDLIBS because the plain LIBS variable is
used by the Genode build system.
Fixes#2094
The main feature for this version upgrade is the use of the instruction
emulator (IEM) to speed up execution and less often the slow recompiler.
issue #2059
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
Add option to load the initial overlay*.vdi from disk, but keep the changes
in a ram_fs.
Used with AHCI model for vbox_auto_win7. Currently we have no way to tell
rump_fs to unmount and write back data to disk before resetting the machine.
Conveying the ROM filename as the final label element simplifies
routing policy and session construction.
Annotations by nfeske:
This commit also changes the ROM session to use base/log.h instead of
base/printf.h, which produced build error of VirtualBox because the
vbox headers have a '#define Log', which collides with the content of
base/log.h. Hence, this commit has to take precautions to resolve this
conflict.
The commit alse refines the previous session-label change by adding a
new 'Session_label::prefix' method and removing the use of 'char const *'
from this part of the API.
Fixes#1787
This patch establishes the sole use of generic headers across all
kernels. The common 'native_capability.h' is based on the version of
base-sel4. All traditional L4 kernels and Linux use the same
implementation of the capability-lifetime management. On base-hw, NOVA,
Fiasco.OC, and seL4, custom implementations (based on their original
mechanisms) are used, with the potential to unify them further in the
future.
This change achieves binary compatibility of dynamically linked programs
across all kernels.
Furthermore, the patch introduces a Native_capability::print method,
which allows the easy output of the kernel-specific capability
representation using the base/log.h API.
Issue #1993
This patch alleviates the need for a Native_capability::Dst at the API
level. The former use case of this type as argument to
Deprecated_env::reinit uses the opaque Native_capability::Raw type
instead. The 'Raw' type contains the portion of the capability that is
transferred as-is when delegating the capability (i.e., when installing
the parent capability into a new component, or when installing a new
parent capability into a new forked Noux process). This information can
be retrieved via the new Native_capability::raw method.
Furthermore, this patch moves the functions for retriving the parent
capability to base/internal/parent_cap.h, which is meant to be
implemented in platform-specific ways. It replaces the former set of
startup/internal/_main_parent_cap.h headers.
Issue #1993
Use quota large enough so that the USB driver does not attempt to
request further memory. On the Raspberry Pi, init has no slack memory
to respond to such a request.
Pass both paths, absolute path to the mount point and the relative path
from the mount point to the file, along with an open handle rather than
just an absolute path. Otherwise, fstat fails if the addressed file is
implemented by another VFS plugin.
Fixes#1789
Move Genode/vbox memory configuration check to separate
genode_check_memory_config() function and call it in platform-specific
setup machine hook of accloff/nova.
The rationale for this change is to omit the check on Muen since the
guest memory is separate and not allocated from base-hw memory.
Issue #2016
Add call to genode_setup_machine prior to machine registration in
frontend machine setup code. This enables platform-specific adjustments
to the machine instance.
The new function is used on hw_x86_64_muen to clamp the processor count
to 1 as multiple virtual CPUs are not supported on this platform.
Issue #2016
* Implement VMMR0_DO_VMMR0_INIT operation for Muen
- Indicate VT-x support
- Enable unrestricted guest mode
- Set CR[0|4] mask to enable masking of guest CR0.[NE,NW,CD] and
CR4.VMXE bits.
* Implement VMMR0_DO_GVMM_CREATE_VM on Muen
Return error if trying to create SMP VM as VMs with multiple CPUs are
currently not supported on hw_x86_64_muen.
* Add Muen-specific Mem_region type
On hw_x86_64_muen the guest memory layout is static, thus regions are
handed out from an array of memory regions.
Use sinfo API to calculate the base address of the VM RAM physical
0x0 region. This allows to dynamically modify the VM RAM size by
adjusting the Muen policy and Genode vbox files accordingly.
Zeroize all memory regions apart from VM Ram since Virtualbox expects
these regions to be cleared.
* Add Muen subject state struct
The subject state encompasses the guest VM machine state that is
transfered between Virtualbox and hardware accelerated execution on
Muen.
* Add Muen-specific Vm_handler class
* Use Vm_handler to run VM
* Instruct recompiler to flush its code cache
* Copy the Muen subject state to/from the Vbox PCPUMCTX.
* Use the VM interruptibility state to inform the recompiler whether
interrupts are currently inhibited.
* Explicitly handle control register access
If a VM-exit occurs due to a control register access, handle it and
directly continue hardware accelerated execution of guest VM.
Note: On NOVA control register accesses are handled by the kernel [1].
[1] - https://github.com/alex-ab/NOVA/blob/master/src/ec_vmx.cpp#L106
* Reset guest interruptibility state
Assert that interrupts are not inhibited in the Virtualbox machine
state and clear Blocking-by-[STI|MOV to SS] guest interruptibility
flags prior to running a guest VM in hwaccel mode.
* Set return code depending on exit reason
Do not unconditionally emulate the next instruction on VM exit. This
makes sharing the VM FPU state with Virtualbox unnecessary, as FPU
instructions are not emulated by the recompiler any longer.
Also, assert that the FPU has not been used by the recompiler
* Inject pending guest VM interrupts on Muen
Use mapped subject pending interrupts page of guest VM to perform
interrupt injection. IRQs are transferred from the Virtualbox trap
manager state to the pending interrupts region for injection. If an
IRQ remains pending upon returning to the recompiler, it is copied
back to the trap manager state and cleared in the subject interrupts
region.
* Inform recompiler about changed SYSENTER_[CS|EIP|ESP] values,
otherwise values set while running the guest VM hardware accelerated
may get lost.
* Implement genode_cpu_hz() on Muen
Determine the CPU frequency dynamically using the sinfo API.
Issue #2016
The virtual PCI model delivers IRQs to the PIC by default and to the
IOAPIC only if the guest operating system selected the IOAPIC with the
'_PIC' ACPI method and if it called the '_PRT' ACPI method afterwards.
When running a guest operating system which uses the IOAPIC, but does
not call these ACPI methods (for example Genode/NOVA), the new
configuration option
<config force_ioapic="yes">
enforces the delivery of PCI IRQs to the IOAPIC.
Fixes#2029
* use Component::* instead of Server::*
* do not use old printf format anymore
* do not use old Genode::env()->heap() anymore
* avoid pointers where possible, and use references instead
* throw away the thread-safe variants of list and AVL tree,
nic_bridge became single-threaded in the past
* introduce Ram_session_guard instead of Allocator_guard
Issue #1987
Replace 'attribute(...).has_value("yes")`
with 'attribute_value(..., false)'.
This allows for boolean configuration to be set with values such as
"true", "false", "yes", "no", or "1", "0".
Fixes#2002
Instead of passing on the Noux 'config' ROM dataspace to child processes,
provide a separate configuration for each Noux child, which is either
'<config/>' or '<config ld_verbose="yes"/>', depending on the
configuration of this attribute for the Noux process. This is also a
workaround to prevent multiple insertion of the same 'config' ROM
dataspace capability into the dataspace registry.
Issue #1978
- add a new function 'binary_ready_hook_for_gdb()' in ldso. GDB can set a
breakpoint at this function to know when ldso has loaded the binary
into memory.
- get the thread state from the NOVA kernel immediately on 'pause()'
Fixes#1968
This patch moves the thread operations from the 'Cpu_session'
to the 'Cpu_thread' interface.
A noteworthy semantic change is the meaning of the former
'exception_handler' function, which used to define both, the default
exception handler or a thread-specific signal handler. Now, the
'Cpu_session::exception_sigh' function defines the CPU-session-wide
default handler whereas the 'Cpu_thread::exception_sigh' function
defines the thread-specific one.
To retain the ability to create 'Child' objects without invoking a
capability, the child's initial thread must be created outside the
'Child::Process'. It is now represented by the 'Child::Initial_thread',
which is passed as argument to the 'Child' constructor.
Fixes#1939
This patch supplements each existing connection type with an new
constructor that is meant to replace the original one. The new
one takes a reference to the component's environment as argument and
thereby does not rely on the presence of the globally accessible
'env()' interface.
The original constructors are marked as deprecated. Once we have
completely abolished the use of the global 'env()', we will remove them.
Fixes#1960
The recent move of the initial three region maps into the PD session
breaks the noux.run test on Linux because the address spaces are locally
managed on this platform but the generic code of Noux still tries to
execute the regular procedure of creating the virtualized PD session for
a new Noux process. This patch handles a corner case that occurs on
Linux but no other platform. It enables the successful creation of the
virtualized PD session so that the test runs to completion. Still noux
on Linux remains to be limited to non-forking programs.
Issue #1938
This patch cleans up the thread API and comes with the following
noteworthy changes:
- Introduced Cpu_session::Weight type that replaces a formerly used
plain integer value to prevent the accidental mix-up of
arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
The original constructors are now marked as deprecated. For the
common use case where the default 'Weight' and 'Affinity' are
used, a shortcut is provided. In the long term, those two
constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
object as centrally defined via 'Cpu_session::Name'. It is meant to
replace the old-fashioned 'name' method that takes a buffer and size
as arguments.
- Adaptation of the thread test to the new API
Issue #1954
This patch makes the former 'Process' class private to the 'Child'
class and changes the constructor of the 'Child' in a way that
principally enables the implementation of single-threaded runtime
environments that virtualize the CPU, PD, and RAM services. The
new interfaces has become free from side effects. I.e., instead
of implicitly using Genode::env()->rm_session(), it takes the reference
to the local region map as argument. Also, the handling of the dynamic
linker via global variables is gone. Now, the linker binary must be
provided as constructor argument.
Fixes#1949
This patch replaces the former 'Pd_session::bind_thread' function by a
PD-capability argument of the 'Cpu_session::create_thread' function, and
removes the ancient thread-start protocol via 'Rm_session::add_client' and
'Cpu_session::set_pager'. Threads are now bound to PDs at their creation
time and implicitly paged according to the address space of the PD.
Note the API change:
This patch changes the signature of the 'Child' and 'Process' constructors.
There is a new 'address_space' argument, which represents the region map
representing the child's address space. It is supplied separately to the
PD session capability (which principally can be invoked to obtain the
PD's address space) to allow the population of the address space
without relying on an 'Pd_session::address_space' RPC call.
Furthermore, a new (optional) env_pd argument allows the explicit
overriding of the PD capability handed out to the child as part of its
environment. It can be used to intercept the interaction of the child
with its PD session at core. This is used by Noux.
Issue #1938
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.
Note the API change:
With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.
The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.
Issue #1938
Currently the report name is used implicitly as first xml node name for the
report. This is inconvenient if one component wants to generate various xml
reports under various names (e.g. to steer consumers/clients slightly
differently) but with the same xml node tree structure.
Fixes#1940
This patch unifies the CPU session interface across all platforms. The
former differences are moved to respective "native-CPU" interfaces.
NOVA is not covered by the patch and still relies on a custom version of
the core-internal 'cpu_session_component.h'. However, this will soon be
removed once the ongoing rework of pause/single-step on NOVA is
completed.
Fixes#1922
Opening a VFS handle previously involved allocating from the global heap
at each VFS file system. By amending open with an allocator argument,
dynamic allocation can be partitioned.
A new close method is used to deallocate open handles.
Issue #1751
Issue #1891
