Since page tables might need to be allocated during
insert_translation(), Out_of_ram or Out_of_caps exceptions might occur.
Entries that have already been added by insert_translation() must thus be
removed once one of those exceptions occurred.
Fixes#5254
Add TAR_OPT to global.mk that defaults to user and group 1, while
setting mtime to 0 for tar archives. This can be used in components to
produce consistent (reproducible) tar archives.
issue #5255
This patch replaces the former Child::Process and
Child::Process::Loaded_executable classes by static functions that
return failure conditions as return values.
Issue #5245
By using GCC's --debug-prefix-map argument, we can make sure that debug
archives always refer to source files at /depot. With this change, GDB
can be pointed to the correct source-file location by using the `set
substitute-path /depot /path/to/local/depot`.
Fixes#5260
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.
It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) are now known at the
construction time of the 'Platform_thread'.
The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.
Related to #5256
Fix the wrong assumption about isochronous packets being always send
with maximum EP's packet size. Instead the isochronous cache now contains
a sizes array to deal with arbitrary packet sizes.
Fixgenodelabs/genode#5257
For consistency reasons, remove the cortex_a8, cortex_a9, and cortex_a15
spec directories. Such SPEC variables do not exist since a while.
Also rename remaining translation_table.h header to page_table.h to
stay consistent with the class names inside.
Fixgenodelabs/genode#5253
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'
Issue #5245Fixes#5070
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.
Issue #5245
For each packet that got stuck with an ARP-cache miss, the router used to send
one ARP request and create one ARP waiter. However, in situations where many
packets target the same IP at one destination domain and during a short period
of time, this causes unnecessary session-quota consumption and network traffic.
This issue becomes especially pressing when taking malicious source peers,
absent destination peers, and packet batching into account.
Therefore, with this commit, the router can accumulate multiple source packets
with the same destination IP at one ARP waiter. This means, that only the first
packet with an ARP-cache for a certain IP sends an ARP request and creates an
ARP waiter. For situations where the ARP request is not answered, this
essentially rate-limits ARP requests for one IP at one destination domain
according to the lifetime of ARP waiters (default: 10s)
Ref #4534
The router used to send an ARP request for a packet before allocating the
corresponding ARP waiter. If the ARP waiter could not be allocated due to
resource exhaustion plus emergency free failed, the packet got dropped and the
router had produced unnecessary network traffic. The commit fixes this by
sending only after successful allocation.
Ref #4534
The previous default packet-batch count of 150 (<config
max_packets_per_signal>) was choosen with the only goal of preventing
starvation by huge amounts of packets from one session.
However, there is something else to keep in mind. A packet that is found to
require ARP sends an ARP request and becomes blocked after having consumed
resources. This means, that, in the worst case, the router used to send 150 ARP
requests and consume resources 150 times before making it even possible for the
outer world to react and cause resources to be freed.
With this additional scenario in mind, the default batch size should be
significantly lower.
Ref #4534
poll(2) needs to handle invalid file descriptors in the pollfd struct,
specifically -1 as it may be used to disable entries in the fds[] array.
Fix a possible nullptr dereference by checking the File_descriptor
pointer returned by find_by_libc_fd() for validity and skip processing
of any unresolved FDs, effectively implementing standard POSIX
semantics.
Fixes#5249
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type w/o a
constructor.
Issue #5245Fixes#5250
With libxml2 >= 2.13, the `-path` argument can no longer be used for
setting search paths for xsd files. Instead, we use an XML catalog to
replace genode:// URIs with absolute paths.
Fixes#5248
This patch replaces exceptions of the PD session RPC interface with
result types.
The change of the quota-transfer RPC functions required the adaptation
of base/quota_transfer.h and base/child.h.
The 'alloc_signal_source' method has been renamed to 'signal_source'
to avoid an exceedingly long name of the corresponding result type.
The Pd_session::map function takes a 'Virt_range' instead of basic-type
arguments.
The 'Signal_source_capability' alias for 'Capability<Signal_source>' has
been removed.
Issue #5245
So far, this test used dynamic_rom for the re-configuration of the nic router
and tested for the expected ping results by inspecting the log with the run
tool. However, this approach had two issues:
* Timing differs significantly on different targets and so the dynamic_rom had
the difficult task of compensating with heuristics without bloating the test
duration too much.
* In case of a failing test, it was difficult to determine the cause as the
test kept running and produced output for quite some time and there was also
no specific error message but only a generic timeout.
These two issues are now fixed by introducing a test component that listens to
the ping-result report and manages the nic router configuration. The new
component exits early on failure and provides information on the error
circumstances. Furthermore, the component advances to the next test step only
after having seen the expected result of the active test step and thereby
removes the need for heuristics about target timing.
Fixes#5192
This patch updates the signal API to avoid raw pointers, and
replaces the Context_already_in_use and Context_not_associated
exceptions by diagnostic messages.
Fixes#5247
The router used to ignore the value of the <report quota=".."/> attribute when
it came to determining whether an interface's report is empty or not.
Therefore, merely configuring <report quota="yes"/> didn't cause interfaces
(and their quota) to show up in the report. Instead, interface quota was
reported as side effect of <report stats="yes"/>. The commit fixes this
inconsistency with the README.
The only object that is dynamically allocated by a network interface and that
was not equipped with a self-destruct timeout was the ARP waiter. This commit
closes this gap by adding a timeout to each ARP waiter that is set to 10
seconds by default but can be configured via the new <config> attribute
'arp_request_timeout_sec'.
Ref #4729
RFCs recommend to keep TCP connections for a certain time even after they
finished a close handshake, AFAIK, in order to be able to recognize astray
packets when they arrive later. This seems overambitious especially when in
the context of the router where session quota is pretty limited. Therefore,
this commit drops this final timeout and drops closed connections immediately.
Ref #4729
The previous value of 60 seconds was never observed in real-time scenarios and
UDP, for instance always used a timeout of 30 seconds without causing issues.
Note that this applies only to TCP connections in a state other than
ESTABLISHED, i.e., while it is still safe to early-drop the connection.
Ref #4729
The TCP connection state "ESTABLISHED" (in the router "OPEN") is a privileged
one for peers because it lasts very long without any peer interaction (in the
NIC router it's only 10 minutes, but RFCs recommend not less than 2 hours and
4 minutes). Furthermore, TCP connections in this state are normally not
available for early-drop on resource exhaustion. This means that this state
binds resources to a connection potentially for a long time without the option
of regaining them under stress. Therefore, this state should be entered with
care.
Up to now, the router marked a TCP connection with this state as soon as it had
seen one matching packet in both directions, which is rather quick. However,
implementing a very precise tracking of the exact TCP states of both peers and
only marking the connection "ESTABLISHED" when both peers are "ESTABLISHED" is
a difficult task with lots of corner cases.
That said, this commit implements a compromise. The router now has two flags
for each peer of a TCP connection - FIN sent and FIN acked - and sets them
according to the observed TCP flags. The "ESTABLISHED" state is entered only
when FIN acked is set for both peers (without having observed an RST or FIN
flag meanwhile).
Ref #4729
The Reference and Const_reference utility were introduced in order to express
that something is a reference (no null value) but can be changed dynamically
(not possible with built-in C++ references). However, the idea of preventing
every possibility for null pointer faults, with which the router was built
initially, has not prevailed and using pointers instead of the utility saves
logic and makes the code more readable to other C++ developers.
Ref #4729
The deinitialization method of Domain used to rely on Domain::with_dhcp_server
in order to dissolve and destroy a present DHCP server. However, this method
skipped calling its functor argument also when there was a DHCP server but an
invalid one. This commt replaces the with_dhcp_server with a pointer null-check
in order to fix the leak.
Ref #4729
Re-implements an emergency freeing of resources on exhaustion of session quota.
In contrast to the past one, the new algorithm is executed directly where the
exhaustion occurs. Instead of interupting the packet handling and restart it
from the beginning after the freeing action, packet handling is now continued
at the point of exhaustion (if enough resources could be freed). Furthermore,
the new algorithm frees only 100 objects (instead of 1024) at a max as we found
this to better match real-life observations. And finally, the router now drops
ICMP first, then UDP, then TCP - as this better reflects priorities - and
refrains from dropping TCP connections in the ESTABLISHED state. If the router
cannot free a sufficient amount of resources, the packet that caused the
exhaustion is dropped with a warning (verbose_packet_drop="yes").
Ref #4729
Remove the use of C++ exception as much as possible from the router as C++
exception handling can be resource intensive and can make code hard to
understand.
This also removes the garbage collection that the router used to do when a
session ran out of quota. This is motivated by the fact that the garbage
collection was rather simple and removed connection states regardless of their
current state, thereby causing broken connections. The change is part of this
commit as the approach to integrating garbage collection relied strongly on
exception handling.
The user story behind removing garbage collection: The router emergency-dropped
an established TCP connection (with NAPT) and on the next matching packet
re-created it with a different NAPT port, thereby breaking the connection. With
this commit, existing connections are prioritized over new ones during resource
exhaustion and the packets that attempt to create a new connection in such a
state are dropped with a warning in the log (verbose_packet_drop="yes").
Note that the state resolves itself with time as existing connections time out
or are closed by peers.
Ref #4729
Reserved memory regions must be excluded from the corresponding DMA
allocators irrespective of whether the device is in use. Otherwise, an
early allocation of DMA buffers may use the reserved memory regions of a
late acquired device.
Fixes#5232
Add special handling for root bridge access for
12th Gen Framework laptop and Thinkpad X1 Nano Gen2
to avoid bogus MMIO memory accesses as seen in #5234 and #4643.
Fixes#5234
Based on not emulated and therby wrong values, acpica calculates a
physical address which points to somewhere. Remove this hack from core and
try to emulate accesses inside acpica where necessary.
Issue #4643
Issue #5234
This exception got introduced as a mere convenience for implementers of
'Child_policy' but required a special case in the base library.
Following the goal of eliminating exceptions from the base system,
this patch removes it by making a server_id_space mandatory.
Issue #5245
as setup by firmware after boot. The information will/can be used by the
platform driver to re-program bridges after a system suspend/resume cycle.
Issue #5241
This patch allows the use of the 'Id_space' utility without catching
'Unknown_id' exceptions. Instead, the new 'apply' overload takes a
second functor 'missing_fn' as argument, which is called whenever the
lookup fails.
Issue #5244
- Replace 'typedef' by 'using'
- Avoid plain pointers
- Import Genode namespace into Gui::
- Use enum class
- Use Attr struct for passing multiple attributes
- Turn testnit into proper Genode::Component
- Use distinct types for top-level and child views
- Remove dependency from timer
- Use util/geometry.h
- Move header to base/include to make it applicable for base types
like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.
Fixes#5239
This patch turns 'Color' from a class to a POD type by replacing
the constructors by the named create functions 'rgb', 'clamped_rgb',
and 'clamped_rgba'. It thereby enables the initialization of Color
values using { .r = ... } syntax and makes the type usable in const
expressions.
It also narrows the type for color components and alpha values to
uint8_t. So possible integer overflows of computed values are detected
by -Wconversion.
As 'Color::rgb(0, 0, 0)' is repeatedly used as a default value, the
patch adds the 'Color::black()' function.
Fixes#5238
- Move C++ sources from lib/wireguard to app/wireguard, which require
Genode include paths (that conflict with linux)
- Rename lib/wireguard_lx_inc_dirs to lib/wireguard, which builds linux
sources with linux include paths
In '_generic_syncobj_wait' check if sync-objetcs exist, return error
otherwise. Do not wait because the execution model is synchroneous,
meaning no batch buffers are in execution when this function is called
(_drm_mutex).
issue #5224
Use pthread_mutex because the EP can block while the thread executing a
batch buffer and waiting for a completion signal in the VFS-GPU plugin
can still make progress.
Also return to coarser locking until we support Sync-Object Wait
semantics.
issue #5224
Freshly allocated BOs from libdrm have to be zeroed. Since the libdrm/iris
caches VRAM allocations, we don't want to attach/detach parts of dataspaces at
every allocation. Some objects are used long (through caching in the iris
Gallium driver). Therefore, zero object on release where the region might
already be mapped.
issue #5224
This commit adds a weak dummy implementation to a compilation unit
that is referenced by all DDE Linux based driver components to
prevent adding a dummy to every driver.
The upstream implementation is used to allocate order-0 pages in
a batch and users, e.g. page-pool allocator, may rely on that
behaviour and thus it is implemented with this commit.
This commit remedies the somewhat lazy attempt to address unique names
for drivers where the name is directly derived from KBUILD_MODNAME,
e.g. rtlwifi, and also modifies the name accordingly to the rules
of Linux' build-system. The last part becomes necessary as driver
matching tables may rely on that as has already happend with the
ti-sn65dsi86 driver.
This enables the combination of the nic_uplink component with any driver
pkg featuring a runtime file. This is already the case of the pc_nic
driver.
This is a preparatory step for issue #4420.
When having a maximized terminal window, a suspend was causing an
invalid mode change at nitpicker. This triggered a huge resource request
in nitpicker because the RAM-quota check was rendered ineffective by a
wrap-around during unsigned multiplication.
Issue genodelabs/genode#5180Fixesgenodelabs/genode#5201
The test reverts the platform drivers' config at the end of the test
to an empty state. However, this state should still contain a default
policy (analogyously to the initial state). Otherwise, the platform
session of the test program will (sometimes) become invalid just before
successfully finishing the test.
The original use cases of the loader have long been covered by the
dynamic init. The only substantial client of the loader remained to be
the qpluginwidget. However, the qpluginwidget was supported only by the
Arora web browser. But the blending of plugins with websites ultimately
remained a tech demo, and Arora has been replaced by Falkon.
Fixes#5229
When more than one thread are accessing the DRM interface it is not wise
to use global locking, especially when a pthread is executing a batch
buffer and waits for a completion signal in the VFS-plugin. In case the
EP gets stuck in the global lock, no progress is made. Therefore:
* use _drm_mutex only where strictly necessary
* use special _exec_mutex to protect buffer execution (per context)
* print warning when two threads try to execute a buffer in the same
context
isse #5224
Default disabled initialization prevents follow-up errors if one
capability is already enabled on boot, but platform_drv decides to
enable the other one. The PCI spec explicitly states that "Behavior is
undefined if both MSI and MSI-X are enabled simultaneously".
Fixes#5228
A launched child only becomes present in the runtime when it has been
configured. This must be considered when checking for missing servers.
Fixesgenodelabs/genode#5226
Using a segment to reserve the AP (application processor) code page does not
work if the region overlaps with other non-memory types, e.g. bender checks
for the overlapping and denies to boot on such machines.
Without bender, the system boots up fine. So, partially remove the nova commit
"Add segment to reserve AP startup page" and instead apply the idea of
Cyberus's version. Place the AP boot code later during boot and save and
restore the memory before/after SMP bootstrap.
Prerequisites for Mesa 24.0.1
* generic:
* add patch to retrieve PCI/Platform information from Genode side of the DRM
interface (in drmGetDevice2)
* add generated 'fourcc' file
* iris:
* report back-end (currently 'i915', 'xe' is unsupported)
* add various I915_CONTEXT_PARAM* and I915_PARAM*
* allocate 'Buffer's starting with ID 1 (0 is invalid)
* enforce 48-bit-address limit on unmap also
* disable I915_EXEC_FENCE_ARRAY array check, because we do not support
sync objects right now and rendering in synchronous
* etnaviv:
* create 'Fenceobj' only *once* for each GPU context
issue #5224
The initial SVM implementation (correctly) just used another standard
x86_64 page table for nested paging. The EPT implementation is for Intel
VMX only. Since we don't know the underlying virtualization technology
at compile time, we need to pick the correct page table implementation
at runtime.
Add add a AMD-compatible HPT page table implementation using the same
base implementation and (more importantly) allocator as the EPT
implementation. Add a Vm_page_table implementation that determines the
used virtualization technology at runtime and internally defers insert
and remove operations to the correct page table implementation.
Issue #5218
To make the x86 page table base implementation compatible with the
function signatures used in hw, make the Intel IOMMU specific arguments
optional:
- Make the `flush` parameter default to false.
- Make the `supported_sizes` parameter default to 1GB + 2MB + 4k.
Issue #5217
The Intel IOMMU page table implementation in the pc platform driver uses
a page table allocator that is adapted from the implementation in the hw
kernel.
Move the allocator to base as a first step to consolidate
implementations, fix an Array constructor and re-add the Allocator
constructor working on addresses instead of tables.
Issue #5217
On hw, `Page_flags` is used throughout architectures. At the same time,
it is used by the Intel IOMMU page table implementation in the pc
platform driver.
Consolidate the definition in base so it is available for all users.
Issue #5217
separately. The "iommu" option is now split up into "iommu_intel" and
"iommu_amd" and thereby can be disabled easily if required for one of the CPU
vendors.
Fixes#5206
- no need to explicitly switch off vga anymore
- use vPID for VMs which improves TLB usage if multiple vCPUs on same
pCPU is used, which happens to happen on Sculpt.
- support for mwait by nova kernel, which is off by default
Issue #5206
Create a generic interface for x86 virtualization.
Split the VMCB data structure in `Vmcb_buf` to represent the physical
VMCB page and `VMCB` as a control interface.
Issue #5113
So far, the VMCB data structure was generated from it's parts (most
prominently VMCB Control Area and VMCB State Save Area) with the VMCB Control
Area accessed via the Mmio framework, while the VMCB State Save Area
struct used directly defined members.
Unify the VMCB structure and uniformly use the Mmio framework to access
the VMCB. Separate the controlling structure from the VMCB page.
Issue #5113
The SVM implementation did not lend itself to a runtime selection of the
x86 virtualization technology.
Encapsulate functionality in the VMCB class to facilitate adding support
for Intel's VMX.
Issue #5113
The initial algorithm ported to hw seems to be correct in principle,
however it does not work with nested virtualization.
Clean up the code to make the different methods of obtaining the TSC
frequencies more clear, and add warnings if a particular
method has failed although it should be available.
Fixes#5210
for other VMMs beside Virtualbox, e.g. Seoul or potentially arm/vmm. The
webcam model depends on libyuv, which uses stdcxx + full libc, which is not
desired or required for all VMM implementations.
Fixes#5208
We discovered this relocation, which does nothing, in pre-compiled
libraries. It is easy to implement because it has the same
relocation-type number (0) for all supported ABIs.
Also adjust error message from "Unsupported PLT relocation" to
"Unsupported translation table address format" to not confuse the
relocation type with the translation table type.
Fixes#5209
During resume the waiting for Cmd::St takes ~2s on a T460p with Intel
AHCI SSD attached. According to the Serial ATA AHCI Spec. wakeup can take
seconds, e.g. chapter 8.2 Power State Mappings of the Serial ATA AHCI spec
(1.3.1).
Issue #5203
Restore the reporting in situations where all capture sessions are gone.
This fixes the webcam package that disables the USB webcam driver when
nitpicker report no active displays.
Issue #5187
- Avoid geometry animation at boot time
- Assign CPU quantum to higher prioritized GUI components
- Defer touch_keyboard start to reduce boot time
Issue #5174
Instead of using one default policy when creating an mmc driver's
configuration, produce some more static policy items to support
boards with more than one card per driver (mnt_reform2).
Both keys are physically the same on available keyboards (with varying
labeling). Unfortunately, PS/2 scancode sets and USB HID spec seem to
differ slightly in their interpretation. Therefore, we keep the
driver-level reporting as is but report both as KEY_PRINT in Sculpt,
which allows to use the key(s) for screenshoter rules most prominently.
Also, unify sculpt/event_filter/pc with sculpt_manager.
With the current RAM setting, opening the inspect window fails on a
display with 4K resolution.
Adjust the inspect window's RAM quota to make it work.
Issue #5174
When a new signal arrives, which means a formerly non-pending one,
we should ignore old signal numbers of that context, but only
evaluate newly received data by the last kernel-call.
Fix#5193
The ported i2c_hid driver contains driver code for the "Intel
Tigerlake/Alderlake PCH pinctrl/GPIO" device. Unfortunately, acpica
driver also accesses the same device on Lid open/close via ACPI AML code
of the DSDT table to read out the state of a GPIO pin connected to the
notebook lid. This would fail as I/O memory is handed out only once and
cannot be shared. The workaround disables the region check for the
specified GPIO I/O memory regions and provides both drivers shared
access to the regions.
This is a preliminary workaround. A general solution should separate the
GPIO driver into a component (e.g., platform driver) that regulates
accesses by i2c_hid and acpica.
Issue #5195
During audio and video playback at a high rate by a VMM, nitpicker on the
boot CPU may interfere with the mixer clients, letting them not finish the
schedule RPC at the mixer in time. Moving nitpicker to the same CPU as
leitzentral mitigates the effect at moment.
Issue genodelabs/genode#5174
At least on x86_64/x86_64/pc/hw|nova, the test used to fail because the net
setup sometimes required more than the 3 seconds that the test was giving each
step. This commit raises the step timeout to 5 seconds and the test timeout
from 70 to 90 seconds in order to be on the safe side.
Ref #5192
The default mixer launcher limits the volume to 50%, so raise the
driver's volume to the max to be audible on certain systems where
otherwise audio is barely recognizable.
While there, fix the wrong reporting attribute as well.
Issue #5174.
The version in ui_report and ui_config were merely used for making test output
more readable. However, there are other ways to achieve this goal.
Ref #5190
The File Vault used to sporadically fail to complete Extend or Rekey operations
when it was locked during the operation. The cause was an insufficient state
model that has been fixed with this commit.
Ref #5190
* adds rekeying and resizing controls to config+report api of file vault
* moves common types of file vault to file_vault/include/file_vault/types.h
to be included by other components
* fixes wrong type of nr_of_clients fields in file_vault
* introduces the file_vault_gui component that is a minimal graphical front end
for the file vault based on the dialog lib and that uses the
config+report api of the file vault as back end
Ref #5190
This patch addresses corner cases not considered so far. In particular,
it avoids placing the Add/Options tabs of an unscrollable popup under
the panel. This could happen in the presence of many options. The patch
includes the panel height into the calculation to rule out such
situations. It also tightens the scrolling boundaries to the visible
content.
Issue #5183
This patch handles intermediate situations where the screen mode may
become 1 x 1 (absence of any capture clients). In this case, the
decoration of a maximized window would legitimately exceed the screen
boundary.
Thanks Johannes for the investigation.
Issue #5187
Issue #5180
The blanking state is evaluated by the intel_fb driver, which will switch
off all connectors. When done, the intel_fb driver will exit and the
sculpt_manager will continue with the next step, stopping all drivers.
Issue #5180
This commit adds missing routes to I2c for the framebuffer driver of the
MNT Reform. If build for this concrete board the Board_info::Soc variable
within the sculpt_manager is initialized according to the properties of
this device. The `update_soc` routine is called in the initialization of
the sculpt_manager, otherwise it won't be called at all, if no PCI devices
changes are detected. Missing driver binaries and device-tree-binaries are
add to the run-script.
Issue #5174
A network card can be provided by PCI, and the SoC as well. Therefore,
add an additional state variable in the Board_info::Soc, and check it
appropriatedly.
Issue #5174
Commit "sculpt: safeguard the offering of suspend/resume" was too lax
about the detection of acpi support. In situations where acpi support
is selected but not yet installed, the menu would offer the features
already. This patch restricts the condition such that acpi support must
be running, not merely selected.
Issue #5174
This patch retains the buffer size of the last capture client as mode as
long as no capture client exists. This avoids intermediate mode changes
in situations like suspend/resume where the display driver is restarted.
Issue #5187
In contrast to platforms, like the PC, where the fb driver selection
is a dynamic decision depending on the available hardware, on current
ARM-based SoC machines this configuration is part of the static board
information.
Issue #5174.
This patch disables latency warnings by default. The warnings can be
enabled by setting the 'warning_rate_ms` value to the desired
maximum rate.
Fixes#5186
Issue #5174
The USB host controller gets restarted during the suspend-resume cycle.
Hence, don't offer suspend while any USB storage device is in use, in
particular when deploying Sculpt from a USB stick.
Suspend/resume is not supposed to work with any framebuffer driver other
than intel_fb. Therefore, offer the suspend feature only when using intel_fb.
Issue #5174
The automatic restart of intel_fb got lost during the transition from
the driver manager. This commit restores the heartbeat monitoring of
this driver.
Issue #5174
This patch enhances the sculpt manager to drive the system state
and manage the lifecycle of driver components during suspend-
resume cycles.
The new Power options can be found in the System menu. The suspend
and power-off controls are presented only when the acpi-support
option is activated.
Note that the USB controller is hard restarted when resuming from
suspend. Hence, all components that depend on USB are restarted
implicitely.
Issue #5180
Issue #5174
on display client close (intel_fb). The former code constructed a
temporary object on the stack, which sets up the scratch pages for the
closed client. However, the scratch page backing store (dma_buffer) gets
freed on destruction of the temporary stack object, which leads to DMA faults
with visual noise on the screen. Instead, use the already in use ggtt object
and add the scratch pages explicitly.
Issue #5180
This commits updates the contrib sources to version 8.7.1.
This version requires more random entropy as it queries OpenSSL
about the current random state and will bail if it is not sufficient.
Doubling the content of the '<inline>' VFS plugin as used in static
configurations seems satisfactory.
Furthermore DNS resolving needs a configured '<pipe>' plugin to work
properly.
Fixes#5184.
Instead of returning an invalid capability whenever an interface is
requested that does not exist, create a disconnected interface component.
It is also possible that a client requests an interface that got removed
at the same time. When an invalid capability gets returned, a client
can stumble about invoking it.
Moreover, this commit marks either invalid interface or device components
as disconnected objects to optimize their handling.
Ref genodelabs/genode#5021
This is an intermediate solution for accommodating overly long
text lines that can appear in report/runtime/usb/devices in the
presence of long product strings.
Issue #5174
In the scheduler's implementation preserve the consumed slack-time
over periods of activation/deactivation, but instead of appending
activated jobs to the end of the slack queue, insert it as new head.
Thereby, the extreme discrimination of threads with short execution
times and frequent blocking behaviour against long running computations
gets avoided.
Fixgenodelabs/genode#4796
The check handles the case when the user clicks right of the
radio-button text, yielding an invalid "matching" id. This should not
result in any action.
Issue #5174
When the "system" ROM state turns to "suspend",
the S3 state information of the sleep_states ROM are determined and
are used to invoke the privileged Pd::system_control call.
Issue #5180
triggered by the "system" ROM change. With this information the consumers
of the sleep_states report can determine, when the operation is finished.
Issue #5180
This commit raise various quota to accommodate using a display
resolution of up to '3840x2160' in the static parts, e.g. the
leitzentrale, of Sculpt.
Issue #5174.
This commit introduces the means to configure the framebuffer memory
used by the driver for sizing its buffers.
Originally the avail memory was derived from the avail ram in the PD
session, which roughly corresponds to configured RAM quota.
However, since it is only used in a virtual capacity, we can decouple
it from the actual memory and set to a value that accommodates larger
framebuffer resolutions like 3840x2160. If the configured RAM quota
is not enough to satisfy an allocation request the client will issue
a resource request.
Issue #5174.
This patch complements "sculpt: make component graph scrollable" with
the ability to scroll the popup dialog, which is sometimes needed in the
presence of many services as routing options.
Fixes#5183
Commit 'wifi_drv: re-arm scan timer when enabled again' allowed for
re-arming the scan timer but still uses the old timer value the first
time around. If the timer was disabled, by setting the interval to 0,
it was not enabled again.
We now check if the interval has changed beforehand and potentially
arm the scan timer afterwards.
Fixes#5178.
To differentiate between the legacy and the current VFS OSS plugin both
plugins will feature a 'plugin_version' field in its info file. This
is used for enabling features provide by the current version that are
not supported in the legacy one.
Issue #5167.
The audio launcher configures the 'bsd_audio_drv' component for normal
use where the micrphone selection should work on most Thinkpads.
The mixer launcher configures the 'record_play_mixer' component for
use with the 'audio' launcher and provides also examplary rules for
vbox6 launchers.
This commit prefixes the Play sessions of the audio driver so that
these can be matched differently in the 'record_play_mixer' config.
The same could be archived with re-labling but naming the sessions
differently at the source prevents accidental mis-configuration.
Issue #5167.
The IHD500 is almost a gen9 (skylake) GPU with subtle differences. Linux
maintains a separate feature set `GEN9_LP_FEATURES` for this GPU.
However, foisting the GPU as skylake on the GPU drivers seems to work
quite fine.
genodelabs/genode#5177
Executing a clflush operation on MMIO memory freezes embedded
platforms such as the Celeron N3450 used on the ZimaBlade. Looking into
the current linux code confirms that clflush is only used for ppgtt
entries and not on MMIO memory.
Fixes#5176
Since "sculpt: adjust nitpicker priority", the nitpicker GUI server no
longer runs at the highest priority, yet the runtime_view of the
leitzentrale UI continued to operate at the highest priority.
On slower machines, this results in a visible interference of the CPU-
heavy rendering of the runtime_view with the (now) lower-prioritized
nitpicker, in particular laggy pointer movements.
This commit subordinates the leitzentrale components below the priority
of nitpicker to prevent this interference.
It also simplifies the priority scheme at the static system init: The
timer has the highest priority whereas all other components use the
priority band -1.
Issue #5174
The hard resource limit introduced by "sculpt: upper limit for automatic
quota upgrading" is too conservative for typical use cases of the RAM
fs. This commit makes the limit adjustable per managed component and
relaxes the limit for the RAM fs and depot_rom from 256 MiB to 2 GiB.
Issue #5174
Because all operations in lxip are non-blocking, return
WRITE_ERR_WOULD_BLOCK for data writes as done by read.
Note: This was not the case in the old plugin because 'write' was blocking
operation there.
issue #5165
These generated dummies slipped in when the commit
'pc_linux: enable gpio, audio' got merged and mainly concern old devices
from the 6xxx series.
The functions are normally guarded via 'CONFIG_IWLWIFI_LEDS' but due to
the olddefconfig step when generating our pc_linux config using
LX_DISABLE has no effect.
Issue #5066.
Allow tweaking the driver selection using the manager config:
- The new attribute 'ps2="no"' suppresses the selection of the PS/2 driver.
- The new attribute 'intel_gpu="no"'suppresses the selection of the
Intel GPU and fb drivers, letting Sculpt fall back to VESA or boot-fb.
Note that the dynamic change of those attributes is handled in principle
but not advisable. E.g., disabling the intel driver after startup leaves
the hardware in a state that the VESA driver cannot cope with. However,
when statically defining the attributes in sculpt/manager/default, it is
now possible to build an image that uses VESA on an intel machine.
Issue #5174
The nightly Qemu tests that don't use KVM require more time for completing the
unlock-and-access phase of the test. If the lock phase starts to early, the
file access is interrupted and the output isn't as expected.
Furthermore, on FOC, the cap quota was insufficient.
Ref #5148
The existing allocation scheme of window IDs has the unwelcome effect
that a re-appearing window would not always result in a visible change
of the window list. In such cases, the layouter and decorator would not
be prompted to do their job. This effect could be observered with the
multi-dialog version of menu view in Sculpt OS when manually enforcing
the restart of the runtime_view. Sometimes the panel would not re-appear
after the restart.
This patch changes the allocation of window ID such that new windows get
fresh IDs instead of reusing an ID of a recently disappeared window.
Issue #5170
Rarely. it might happen that events got received shortly before the complete
set of relevant USB devices got recognized. Filter more output in test metric
to stay robust.
This substantially slims down the test in order to reduce the number nightly
tests that fail due to timeouts. Now, the extended test steps (maximum trees
and benchmarks) are only run on Linux. The synchronous access, snapshot
management, rekeying, and resizing tests were removed.
Ref #5148
This patch replaces the former use of one menu-view component per dialog
by a single menu view presenting all dialogs. This change reduces the
runtime config by about 20%, improves the boot time, and lowers RAM and
CPU usage at runtime.
Issue #5170
The font pointers cached in labels can become dangling when the style
database is updated, as happens when changing the font size dynamically.
This patch orderly updates the cached pointers before removing
out-of-date font entries from the style database.
Related to issue #5170
This patch equips the menu-view component with the ability to present
more than one dialog at a time. The dialogs must be declared in the
<config> node as follows.
<config>
...
<dialog name="settings"/>
</config
For each dialog, menu view requests a dedicated ROM session labeled after
the dialog name. The corresponding GUI session is also labeled as such.
Note that only one hover report is generated responding to all dialogs.
The hover report can be correlated with the hovered dialog by inspecting
the the 'name' attribute of the hover report's <dialog> sub node.
The former global config attributes 'xpos', 'ypos', 'width', 'height',
'opaque', and 'background' have become attributes of the <dialog> node.
Fixes#5170
GPU drivers always reside in the runtime subsystem now.
This patch eliminates the risk of requesting a GPU session at the
drivers subsystem, which never gets established.
Issue #5150
The new VFS OSS plugin utilizes the Record and Play session. For the
time being it is a drop-in replacement for the old plugin and shares
its limitations.
In contrast to the old plugin it is possible to force a client to
use a configured fragment size. Some clients work best with larger
fragments, e.g. VBox, where raising the minimal fragment size is
beneficial.
Please look at the README file for more information.
Issue genodelabs/genode#5167.
On some platforms like qemu/x86_64/sel4, accessing the file system is so
slow that it used to hit the timeout of this phase in the run script.
Ref #5148
This patch lays the selection of the used storage target into the hands
of the config/manager file. By default, Sculpt selects the target by its
built-in heuristics, probing for a Sculpt partition. However, by
specifying a <target> node, one can explicitly select a storage target.
E.g., for using the 2nd partition of the SATA disk connected to port 1
of the AHCI controller, one can now specify:
<target driver="ahci" port="1" partition="2"/>
For selecting the ram_fs as target:
<target driver="ram_fs"/>
The latter case is particularly useful for custom Sculpt scenarios
deployed entirely from RAM. For such scenarios, add two lines to
your .sculpt file:
ram_fs: depot
manager: use_ram_fs
The first line configures the ram_fs such that the depot is mounted
as a tar archive. The second line configures the sculpt manager to
select the ram_fs as storage target. You can find this feature
exemplified in default-linux.sculpt scenario.
build/x86_64$ make run/sculpt_test KERNEL=linux BOARD=linux
It is worth noting that the configuration can be changed at runtime.
This allows for switching between different storage targets on the fly.
Issue #5166
The new 'manager' config allows for the passing of configuration data the
sculpt manager without the need to modify the config/leitzentrale subsystem.
Issue #5166
Unlike the previous return value of
`Genode::Packet_allocator::need_size_for_free()` indicated, it does need
the size of the object it has to free to work properly.
The plugin used to call open with the create flag set at rump without file
permissions for create leading to undefined behavior regarding the file
permissions.
Ref #5148
All errors (as in the legacy version) are now propagated as WRITE_ERR_IO
(see Lxip_vfs_file_handle::write), which ultimately will lead to EPIPE
in libc's socket_fs. This also counts for EAGAIN leading to the fact
that partial writes are not supported for blocking sockets in libc, also
libc will not try a second time in case not all data has been written.
issue #5165
The IP stack checks "user" pointer access, for example, for iov's using
'access_ok' which in turn calls '__access_ok'. The function checks if the
pointer is below TASK_SIZE_MAX, which is usually a big value on 64 bit
systems, but 3GB on 32 bit systems. Because the IP stack is mostly used with
Genode's libc, where pointers on some kernels (base-linux) can be >3GB and we
don't want to make an additional copy of each buffer/iov interacting with the
IP stack, we short circuit the function
issue #5165
This patch replaces the dynamic use of Attached_rom_dataspace by a
new Rom_handler utility, which implicitly covers the initial import of
content (safely using 'local_submit'), the registration of the signal
handler, passes the Xml_node to the handler function (no need to
manually call 'update'), and provides scoped access to the content via a
'with_xml' method. The latter reinforces a programming style that does
not need to copy Xml_node objects.
Issue #5150
This patch removes the remains of the original block-device discovery as
done by the former driver manager. Block sessions are now always
provided by components hosted in the runtime subsytem. The storage node
of the graph is no more.
Issue #5150
This patch harmonizes the driver management between the sculpt manager
and the phone manager by hosting the individual drivers in a new
'Drivers' class with a narrow interface towards 'Sculpt::Main'. The
patch also introduces a clean separation of the 'Board_info' between
features detected at runtime (on PC hardware), statically
known/managed features (phone hardware), and options that can be
toggled at runtime.
With common patterns for managing drivers in place now, this commit
also moves the former runtime/wifi_drv.cc and runtime/nic_drv.cc
code to driver/wifi.h and driver/nic.h. The _drv suffix of the wifi
and nic driver components have been dropped.
Issue #5150
The move of block, USB, and input drivers from the drivers subsystem to
the runtime alleviates the need for routing those sessions between the
subsystems.
Issue #5150