Commit Graph

13356 Commits

Author SHA1 Message Date
Norman Feske
d44ec53cd3 core: tie Platform_thread to Platform_pd
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.

It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) are now known at the
construction time of the 'Platform_thread'.

The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.

Related to #5256
2024-07-02 11:59:16 +02:00
Alexander Boettcher
c18f7c7594 timer: remove old timer infrastructure
Fixes #5138
2024-07-02 11:59:16 +02:00
Alexander Boettcher
462718bcf0 epit: move timer to imx repository
Issue #5138
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
969a0583ee qemu-usb: handle smaller isochronous packets
Fix the wrong assumption about isochronous packets being always send
with maximum EP's packet size. Instead the isochronous cache now contains
a sizes array to deal with arbitrary packet sizes.

Fix genodelabs/genode#5257
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
f1f2d759af libusb: re-enable timeout setting for control urbs
Fix genodelabs/genode#5259
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
73b65084e2 pin_session: add missing header
Fix genodelabs/genode#5258
2024-07-02 11:59:16 +02:00
Christian Prochaska
37e0d20bf2 qt5: adaptation to 'Genode::Region_map' changes
Issue #5245
2024-07-02 11:59:16 +02:00
Norman Feske
5a6c4d6ff2 base-hw: handle cap-slab exhaust in Thread::start
This interim solution for issue #5256 solves the problem for the
thread.run script.

Issue #5256
2024-07-02 11:59:16 +02:00
Stefan Kalkowski
d9d2a7584e base-hw: remove cortex spec directories
For consistency reasons, remove the cortex_a8, cortex_a9, and cortex_a15
spec directories. Such SPEC variables do not exist since a while.
Also rename remaining translation_table.h header to page_table.h to
stay consistent with the class names inside.

Fix genodelabs/genode#5253
2024-07-02 11:59:16 +02:00
Norman Feske
0105494223 Rework Region_map interface
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'

Issue #5245
Fixes #5070
2024-07-02 11:59:16 +02:00
Norman Feske
d866b6b053 Remove exceptions from Cpu_session interface
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.

Issue #5245
2024-07-02 11:59:16 +02:00
Martin Stein
e7f564cd3b nic_router: use C++20 function template syntax
Fix #4534
2024-06-20 13:51:26 +02:00
Martin Stein
7d576b4f15 nic_router: re-use ARP waiters for same IP address
For each packet that got stuck with an ARP-cache miss, the router used to send
one ARP request and create one ARP waiter. However, in situations where many
packets target the same IP at one destination domain and during a short period
of time, this causes unnecessary session-quota consumption and network traffic.
This issue becomes especially pressing when taking malicious source peers,
absent destination peers, and packet batching into account.

Therefore, with this commit, the router can accumulate multiple source packets
with the same destination IP at one ARP waiter. This means, that only the first
packet with an ARP-cache for a certain IP sends an ARP request and creates an
ARP waiter. For situations where the ARP request is not answered, this
essentially rate-limits ARP requests for one IP at one destination domain
according to the lifetime of ARP waiters (default: 10s)

Ref #4534
2024-06-20 13:50:55 +02:00
Martin Stein
31a438edf6 nic_router: prevent ARP request without ARP waiter
The router used to send an ARP request for a packet before allocating the
corresponding ARP waiter. If the ARP waiter could not be allocated due to
resource exhaustion plus emergency free failed, the packet got dropped and the
router had produced unnecessary network traffic. The commit fixes this by
sending only after successful allocation.

Ref #4534
2024-06-20 13:49:53 +02:00
Martin Stein
682dedb2e1 nic_router: lower packet-batch count to 50
The previous default packet-batch count of 150 (<config
max_packets_per_signal>) was choosen with the only goal of preventing
starvation by huge amounts of packets from one session.

However, there is something else to keep in mind. A packet that is found to
require ARP sends an ARP request and becomes blocked after having consumed
resources. This means, that, in the worst case, the router used to send 150 ARP
requests and consume resources 150 times before making it even possible for the
outer world to react and cause resources to be freed.

With this additional scenario in mind, the default batch size should be
significantly lower.

Ref #4534
2024-06-20 13:49:24 +02:00
Stefan Kalkowski
e93f5fe8e0 base-hw: move imx53-specifics to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:25:06 +02:00
Stefan Kalkowski
0c8abf9b50 os: move imx sd_card driver to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
d1123ebe4c os: move imx8q_evk's i2c driver to imx repo
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
86386548c0 os: move synaptics_dsx touch driver to imx repo
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
6162eae9e0 os: move tz_vmm example to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:44 +02:00
Stefan Kalkowski
5a8d149fe3 hw: move all imx7d specifics to imx repository
Ref genodelabs/genode#5252
2024-06-20 13:24:41 +02:00
Alexander Boettcher
ed522d51c8 linux: use new timer scheme
Issue #5138
2024-06-20 13:19:43 +02:00
Alexander Boettcher
32c5ef32e9 foc: use new timer scheme
Issue #5138
2024-06-20 13:19:43 +02:00
Norman Feske
299951ced5 depot: update recipe hashes 2024-06-20 12:59:00 +02:00
Christian Helmuth
65957e024d Transfer 2x16 MiB in wg_fetchurl test 2024-06-20 12:56:20 +02:00
Stefan Kalkowski
f0e9ce7422 stdcxx: add missing symbol for std::basic_fstream 2024-06-20 12:56:20 +02:00
Benjamin Lamowski
e153f44ce8 libc: handle invalid file descriptors in poll()
poll(2) needs to handle invalid file descriptors in the pollfd struct,
specifically -1 as it may be used to disable entries in the fds[] array.

Fix a possible nullptr dereference by checking the File_descriptor
pointer returned by find_by_libc_fd() for validity and skip processing
of any unresolved FDs, effectively implementing standard POSIX
semantics.

Fixes #5249
2024-06-20 12:56:20 +02:00
Christian Helmuth
9d42890fbf fetchurl: remove Genode:: prefixing 2024-06-20 12:56:20 +02:00
Christian Helmuth
258c06df03 virt/lx_emul: init boot_cpu_data on x86
Values are used by arch/x86/lib/delay.c and slub allocator.

Issue #5236
2024-06-20 12:56:20 +02:00
Norman Feske
14d3c4cb5e Remove Cpu_session::State_access_failed exception
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type w/o a
constructor.

Issue #5245
Fixes #5250
2024-06-20 12:56:20 +02:00
Johannes Schlatow
16b863fc6e tool/run: use xmlcatalog for xsd file paths
With libxml2 >= 2.13, the `-path` argument can no longer be used for
setting search paths for xsd files. Instead, we use an XML catalog to
replace genode:// URIs with absolute paths.

Fixes #5248
2024-06-20 12:56:20 +02:00
Norman Feske
5181d08d05 Remove exceptions from Rm_session interface
Issue #5245
2024-06-20 12:56:20 +02:00
Norman Feske
0d7d60a1f4 Remove exceptions from Pd_session interface
This patch replaces exceptions of the PD session RPC interface with
result types.
The change of the quota-transfer RPC functions required the adaptation
of base/quota_transfer.h and base/child.h.
The 'alloc_signal_source' method has been renamed to 'signal_source'
to avoid an exceedingly long name of the corresponding result type.
The Pd_session::map function takes a 'Virt_range' instead of basic-type
arguments.
The 'Signal_source_capability' alias for 'Capability<Signal_source>' has
been removed.

Issue #5245
2024-06-20 12:56:19 +02:00
Alexander Boettcher
08066269ba fiasco: update to new timer scheme
Issue #5138
2024-06-20 12:56:19 +02:00
Martin Stein
a450110b97 run/nic_router_uplinks: use test component
So far, this test used dynamic_rom for the re-configuration of the nic router
and tested for the expected ping results by inspecting the log with the run
tool. However, this approach had two issues:

* Timing differs significantly on different targets and so the dynamic_rom had
  the difficult task of compensating with heuristics without bloating the test
  duration too much.

* In case of a failing test, it was difficult to determine the cause as the
  test kept running and produced output for quite some time and there was also
  no specific error message but only a generic timeout.

These two issues are now fixed by introducing a test component that listens to
the ping-result report and manages the nic router configuration. The new
component exits early on failure and provides information on the error
circumstances. Furthermore, the component advances to the next test step only
after having seen the expected result of the active test step and thereby
removes the need for heuristics about target timing.

Fixes #5192
2024-06-20 12:56:19 +02:00
Martin Stein
a935a733ab ping: support reporting results
This feature simplifies automated testing. It was added to enable the creation
of the test/nic_router_uplink component.

Ref #5192
2024-06-20 12:56:19 +02:00
Norman Feske
24342db476 base/signal.h: remove pointers from API
This patch updates the signal API to avoid raw pointers, and
replaces the Context_already_in_use and Context_not_associated
exceptions by diagnostic messages.

Fixes #5247
2024-06-20 12:56:19 +02:00
Norman Feske
dcddeccccc app/acpi_event: update coding style
Remove exceptions, replace pointer lookup by with_ pattern,
use Xml_node::attribute_value, constness, naming of signal handlers

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
8a0689d832 Remove Pd_session::Invalid_signal_source exception
While changing 'Pd_session::alloc_context', this patch also tightens the
type of the imprint argument.

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
a52c2ce141 Remove exceptions from TRACE session interface
- Use attempt pattern for error handling
- Replace lookup of pointers by with_ pattern
- Remove virtual Trace::Session methods
- Merge client.h into connection.h
- Update coding style of test/trace

Issue #5245
2024-06-20 12:56:19 +02:00
Norman Feske
7de2f57ef2 Remove Xml_node::attribute accessors
This patch removes the two 'Xml_node::attribute' accessors along with
the 'Nonexistent_attribute' exception.

Issue #5245
Fixes #5246
2024-06-20 12:56:19 +02:00
Martin Stein
84bbde2879 nic_router: fix interface-local quota reporting
The router used to ignore the value of the <report quota=".."/> attribute when
it came to determining whether an interface's report is empty or not.
Therefore, merely configuring <report quota="yes"/> didn't cause interfaces
(and their quota) to show up in the report. Instead, interface quota was
reported as side effect of <report stats="yes"/>. The commit fixes this
inconsistency with the README.
2024-06-20 12:56:19 +02:00
Martin Stein
09b3fa389d nic_router: destroy timed out ARP waiters
The only object that is dynamically allocated by a network interface and that
was not equipped with a self-destruct timeout was the ARP waiter. This commit
closes this gap by adding a timeout to each ARP waiter that is set to 10
seconds by default but can be configured via the new <config> attribute
'arp_request_timeout_sec'.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
20371d0445 nic_router: drop closed tcp links immediately
RFCs recommend to keep TCP connections for a certain time even after they
finished a close handshake, AFAIK, in order to be able to recognize astray
packets when they arrive later. This seems overambitious especially when in
the context of the router where session quota is pretty limited. Therefore,
this commit drops this final timeout and drops closed connections immediately.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
58726a6707 nic_router: lower non-open tcp timeout to 30 sec
The previous value of 60 seconds was never observed in real-time scenarios and
UDP, for instance always used a timeout of 30 seconds without causing issues.
Note that this applies only to TCP connections in a state other than
ESTABLISHED, i.e., while it is still safe to early-drop the connection.

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
0a33168733 nic_router: mark tcp open only with full handshake
The TCP connection state "ESTABLISHED" (in the router "OPEN") is a privileged
one for peers because it lasts very long without any peer interaction (in the
NIC router it's only 10 minutes, but RFCs recommend not less than 2 hours and
4 minutes). Furthermore, TCP connections in this state are normally not
available for early-drop on resource exhaustion. This means that this state
binds resources to a connection potentially for a long time without the option
of regaining them under stress. Therefore, this state should be entered with
care.

Up to now, the router marked a TCP connection with this state as soon as it had
seen one matching packet in both directions, which is rather quick. However,
implementing a very precise tracking of the exact TCP states of both peers and
only marking the connection "ESTABLISHED" when both peers are "ESTABLISHED" is
a difficult task with lots of corner cases.

That said, this commit implements a compromise. The router now has two flags
for each peer of a TCP connection - FIN sent and FIN acked - and sets them
according to the observed TCP flags. The "ESTABLISHED" state is entered only
when FIN acked is set for both peers (without having observed an RST or FIN
flag meanwhile).

Ref #4729
2024-06-20 12:56:19 +02:00
Martin Stein
93c3f6371b nic_router: remove reference utilities
The Reference and Const_reference utility were introduced in order to express
that something is a reference (no null value) but can be changed dynamically
(not possible with built-in C++ references). However, the idea of preventing
every possibility for null pointer faults, with which the router was built
initially, has not prevailed and using pointers instead of the utility saves
logic and makes the code more readable to other C++ developers.

Ref #4729
2024-06-20 12:55:47 +02:00
Martin Stein
f7f171e457 nic_router: fix leak on domain deinit
The deinitialization method of Domain used to rely on Domain::with_dhcp_server
in order to dissolve and destroy a present DHCP server. However, this method
skipped calling its functor argument also when there was a DHCP server but an
invalid one. This commt replaces the with_dhcp_server with a pointer null-check
in order to fix the leak.

Ref #4729
2024-06-20 12:54:31 +02:00
Martin Stein
c96150bc70 nic_router: smarter emergency free on exhaustion
Re-implements an emergency freeing of resources on exhaustion of session quota.
In contrast to the past one, the new algorithm is executed directly where the
exhaustion occurs. Instead of interupting the packet handling and restart it
from the beginning after the freeing action, packet handling is now continued
at the point of exhaustion (if enough resources could be freed). Furthermore,
the new algorithm frees only 100 objects (instead of 1024) at a max as we found
this to better match real-life observations. And finally, the router now drops
ICMP first, then UDP, then TCP - as this better reflects priorities - and
refrains from dropping TCP connections in the ESTABLISHED state. If the router
cannot free a sufficient amount of resources, the packet that caused the
exhaustion is dropped with a warning (verbose_packet_drop="yes").

Ref #4729
2024-06-20 12:54:31 +02:00
Martin Stein
ac42ade48c nic_router: remove use of exception handling
Remove the use of C++ exception as much as possible from the router as C++
exception handling can be resource intensive and can make code hard to
understand.

This also removes the garbage collection that the router used to do when a
session ran out of quota. This is motivated by the fact that the garbage
collection was rather simple and removed connection states regardless of their
current state, thereby causing broken connections. The change is part of this
commit as the approach to integrating garbage collection relied strongly on
exception handling.

The user story behind removing garbage collection: The router emergency-dropped
an established TCP connection (with NAPT) and on the next matching packet
re-created it with a different NAPT port, thereby breaking the connection. With
this commit, existing connections are prioritized over new ones during resource
exhaustion and the packets that attempt to create a new connection in such a
state are dropped with a warning in the log (verbose_packet_drop="yes").

Note that the state resolves itself with time as existing connections time out
or are closed by peers.

Ref #4729
2024-06-20 12:54:31 +02:00