The patches disable VBOX_IGNORE_FLUSH and a sanity check in the VMDK
backend. This enables passing an explicit flush request by the guest
down to the VFS.
Fixes#3743.
The check prevents the Ttf_font from violating the bounding box in the
presence of very small scale values. This can happen during the startup
of Sculpt. Before the framebuffer driver is up, Sculpt bases its dynamic
font-size setting on a screen resolution of 1x1.
Issue #3812
* add libsparkcrypto source-recipe
* provide ALI files through a new repository by mstein and add the repo
download to the libsparcrypto port-file
* remove dependencies to non-existent contrib ADB files from the library make
files
Fixes: #3852
The sculpt manager used to defer the initialization of the GUI until
nitpicker's first display report became ready. This way, Sculpt was able
to run headlessly even if the framebuffer driver failed to start up.
Thanks to #3827, nitpicker no longer depends on a working framebuffer
driver. So the sculpt manager is safe to rely on nitpicker in any case,
simplifying the code.
Issue #3827
This is a follow-up commit to "nitpicker: make framebuffer and input
optional". It restores the dynamic mode-change support when using
'request_framebuffer="yes"' as needed in scenarios where multiple
nitpicker instances are used in a cascaded way. E.g., Sculpt's
Leitzentrale. The previous version missed to reconstruct the
'_fb_screen' on mode changes.
Issue #3812
This patch untangles the dependency of VFS operations that need RTC
information from the 'clock_gettime' libc function that must never be
called from the libc kernel context.
- The 'Rtc' class uses the VFS directly for reading the rtc file instead
of relying on libc functions.
- The 'Rtc' instance has become part of the 'Kernel' instead of
being construced as a side effect of the first call of
'clock_gettime'.
- Changed 'Rtc::read' to return a timespec value, which has a higher
precision than the formerly used time_t value.
- The 'Rtc::read' returns a value with the relative 'current_time'
already applied. The former handling of subsequent rtc-value
updates has been rewritten to become more logical.
- The 'Vfs_plugin' no longer calls 'clock_gettime' but the new
kernel-level 'Current_real_time' interface.
Issue #2635
This patch untangles the interplay of the base library and the libc
during the exit handling.
- The CXA ABI for the atexit handling is now provided by the libc.
For plain Genode components without libc dependency, __cxa_atexit
is a no-op, which is consistent with Genode's notion of components.
- The 'abort' implementation of the base library no longer calls
'genode_exit' but merely 'sleep_forever'. This way, the cxx library
no longer depends on a 'genode_exit' implementation.
- The libc provides 'atexit' support by storing metadata on the
libc kernel's heap now, thereby eliminating the former bounded
maximum number of atexit handlers.
- Shared-library dtors are no longer called via the atexit mechanism
by explicitly by the dynamic linker. This slightly changes the
call order of destructors (adjustment of the ldso test). Functions
marked as destructors are called after the atexit handlers now.
- The libc executes atexit handlers in the application context,
which supports the I/O operations in those handles, in particular
the closing of file descriptors.
Fixes#3851
For the time being, we put all spec and body files into the recipe although
there might be a (so far to us unknown) way to have only the API relevant files
in it.
Fixes#3849
* switch to a libsparkcrypto fork of m-stein
* switch to a libsparkcrypto state that makes some units pure that are used by
the consistent block encrypter, in order that the latter can become
completely pure
Ref #3849
* switch to fork of the Ada runtime provided by m-stein
* switch to a Ada-runtime state that provides the Exp_Int package (exponential
function on integers)
* adapt spark lib, symbols, and recipes to incorporate the Exp_Int package
Fixes#3848
* enable all common warnings through default value of CC_ADA_WARN
* treat warnings like errors through default value of CC_ADA_WARN_STRICT
* enable almost all style checks through default value of CC_ADA_WARN_STRICT
* style fixes for aes_cbc_4k
* disable strict warnings and style checks for libsparkcrypto and spark lib
Ref #3848
This patch prevents nitpicker from requesting a framebuffer and input
session by default because the regular use of nitpicker relies on the
capture-session and event-session interfaces by now.
For supporting the nested use of nitpicker via the gui_fb component, it
is still possible to enable the traditional behavior by explicitely
setting the 'request_input' and 'request_framebuffer' config attributes
to "yes".
Issue #3812
This remove the call to Io_progress_handler::handle_io_progress() from
wait_and_dispatch_one_io_signal() to prevent unexpected nesting
I/O-progress handling in case of custom dispatch loops (e.g., in libc).
The original intention of Io_progress_handler was to inform the
entrypoint just before blocking in the entrypoint loop.
Issue #2635
This commit applies the transition from the "Input" session to the "Event"
session to the event-filtering mechansim. The functionality of the
input_filter is now provided by the event_filter. The event filter
requests only one "Event" session as destination for the filter result,
which is usually routed to the nitpicker GUI server. It provides an
"Event" service to which any number of event sources can connect.
The configuration of the filter chain remains almost the same. Only the
declaration of the <input> nodes is no longer needed. Instead, the
configuration must specify <policy> nodes, which define the mapping of
"Event" clients (event sources) to the inputs used in the filter chain.
The patch adjusts all uses of the nitpicker GUI server accordingly such
that the event filter reports events to nitpicker's event service
instead of having nitpicker request an "Input" session. This dissolves
the dependency of nitpicker from input drivers.
Issue #3827
This patch brings the input filter into a shape that is easier to
re-mold into an event filter, reversing the client/server roles of
the component.
* The 'Sink &destination' is no longer passed as constructor argument
to the individual filters but passed as argument to the 'generate'
method. This way, the final destination does not need to exist at
the construction time of the filter chain but can be created on
the fly (clearing the way for using 'Event::Client::with_batch').
* A new 'Source::Filter' interface with the 'apply' method aids the
cascading of filters during 'generate'. The modules now implement
the 'Source::Filter::filter_event' interface instead of the
'Source::Sink::submit_event' interface.
* Since the 'Sink &destination' is no longer a member of the filter
modules, character-repeat events can no longer be emitted in an
ad-hoc way. Instead, the character-repeat mechanism now invokes
a new 'Trigger::trigger_generate' hook that prompts the execution
of the regular 'generate' mechanism by the main program.
This patch is supposed to leave the semantics of the input filter
unchanged (validated by the input_filter.run script).
Issue #3827
This is an intermediate helper component for the transition of input
servers into event clients. It works analogously to the
input_event_bridge but it connects servers instead of clients.
In particular, it can act as glue between a traditional input driver
that provides an input service and the event filter that provides an
event service. Thanks to this component, each driver can be migrated to
the event-client interface individually.
Issue #3827
- base/cancelable_lock.h becomes base/lock.h
- all members become private within base/lock.h
- solely Mutex and Blockade are friends to use base/lock.h
Fixes#3819
This patch replaces the use of the "Framebuffer" session interface by
the new "Capture" session interface in all framebuffer drivers. Thanks
to this change, those drivers have become mere clients of the nitpicker
GUI server now, and are no longer critical for the liveliness of the GUI
server.
The patch touches the following areas:
- The actual driver components. The new versions of all drivers have
been tested on the respective hardware. Generally, the drivers
have become simpler.
- The drivers_interactive packages for various boards. The drivers
subsystem no longer provides a "Framebuffer" service but needs a
valid route to the "Capture" service provided by nitpicker.
- The driver manager of Sculpt OS.
- This patch changes the role of the test-framebuffer component from a
framebuffer client to a capture server so that drivers (capture clients)
can be directly connected to the test component without the nitpicker
server.
- Framebuffer driver no longer support the unbuffered mode.
- The fb_bench.run script is no longer very meaningful because it
interplays solely with nitpicker, not with the driver directly.
- All run scripts for graphical scenarios and the related depot
archives got adapted to the change.
Fixes#3813
This patch replaces meta-data allocation during the resize handling by a
new 'Resizeable_texture' type that has all meta data preallocated.
It also replaces the use of pointer return values with the
'Resizeable_texture::with_texture' method.
Issue #3812
Nitpicker used to unconditionally request a framebuffer and input
session. With the transition to the new capture/event session
interfaces, this built-in policy does no longer suffice.
This patch introduces the attributes 'request_framebuffer="yes"' and
'request_input="yes"' (with the default values shown) to nitpicker's
<config> node. If setting those attributes to "no", nitpicker won't
request a "Framebuffer" and "Input" session respectively.
Issue #3812
In the presence of potentially multiple output back ends, this
dirty_rect state must be maintained individually per back end. Instead
of storing the dirty_rect as view-stack member, the view stack now calls
a new 'Damage::mark_as_damaged' interface, which allows nitpicker to
propagate this information to multiple back ends. Unfortunately, the
patch must remove the per-view dirty_rect state.
Issue #3812
This patch simplifies the internal naming of the nitpicker GUI server as
a preparatory step for adding support for the capture session interface.
Issue #3812
_timestamp() returns CPU local values which may not be in sync with _ts
taken from another CPU. Be robust and don't produce wraparound/negative
timeout values.
Issue #3657
* Differentiate in between different architectures with assembler routines
for correct measures
* Automate first step measuring of 10G bogomips across different hardware
Fix#3785
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.
The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.
Fixes#3784
The 'vfs_block' component will give access to a VFS file through a
Block session. For more detailed information please look at its
README.
(On a technical note, the server currently only allows for one
active session and has only one pending back end request but can
easily be extended in the future.)
Fixes#3781.
Setting the 'size' attribute will restrict a reader to consume
0s up to the specified amount per VFS handle. The attribute is
parsed as 'Number_of_bytes', which will limit the amount to the
maximum of the addressable memory on the platform.
This addition comes in handy when needing to provide a synthetic
empty file with a fixed size.
Issue #3781.
So far the condition whether to spawn a new job or not depended on
the amount of data already processed. This could lead to spawning
more jobs than necessary if batching is used and in return could
result in creating invalid requests in case the tested block session
is not large enough.
In addition to checking the amount of data the test now stores the
number of the last block and checks if the current request is in
range. This properly limits the total amount of requests.
Issue #3781.
The seek offset has to be updated on partial writes according to the
current write position. Otherwise writes will override the content
at the initial offset.
Fixes#3780.
This commit fixes the 'Out_of_caps' handling. The previous version
mistakenly upgraded the RAM instead the caps as response. The problem
could be triggered by the 'decorator_stress.run' script.
The blit API archive missed the CPU-architecture-specific variants of
the blit library such that all depot binaries worked with the generic
(slow) fallback implementation. This patch adds the missing pieces to
the blit API archive.
Up to now all pthreads get placed on one CPU.
The patch adds support to evaluate a libc pthread configuration specifying
a placement strategy.
The default strategy is now to use all available CPUs as imposed by Genode's
affinity configuration for the pthread application.
The old behaviour, putting all pthreads on one single cpu can be still
configured by:
<libc>
<pthread placement="single-cpu"/>
...
</libc>
Fixes#3775
To enable logging of ROM session deliveries, set the "diag" on
session routes:
<route>
<service name="ROM" label_prefix="/bin/">
<child name="cached_fs_rom" diag="yes"/>
</service>
…
<route>
Fix#3772
Make the framebuffer driver for pl11x chipsets,
the ps2 input driver for pl050, and the lan9116 NIC driver independent from
the pbxa9 board by using the newly introduced common ARM platform driver API.
Ref #3299
* Remove input driver specific to i.MX53 tablet board from QSB driver pkg
* Move GPIO settings for QSB LVDS backlight out of framebuffer driver into
GPIO driver config
* Move PWM driver functionality out of framebuffer driver
* Make framebuffer driver configureable, and less dependent on
platform driver i.MX53 specifics
base-linux uses seccomp to reduce the available system calls
to the minimum set needed to run base-linux. There are still
some syscalls that allow accessing global state which should
be further reduced.
The combination of seccomp and socket descriptor caps should
provide an intermediate level of security for base-linux
thereby enabling base-linux as a migration path from using
the Linux kernel to the use of microkernel-based Genode.
Fixes#3581
Add the option to configure the RAM quota for core on base-linux.
The environment variable GENODE_RAM_QUOTA if it exists is interpreted
as number of bytes to provide to the first init.
Issue #3762
- Since Genode::strncpy is not 100% compatible with the POSIX
strncpy function, better use a distinct name.
- Remove bogus return value from the function, easing the potential
enforcement of mandatory return-value checks later.
Fixes#3752
This patch is a workaround for the missing implementation of
'Pd_session::transfer_quota' interface by the GDB monitor's PD service.
The missing implementation becomes problematic with the changes of #3750
that enabled the cap-quota accounting for core's CPU service.
In regular scenarios without the GDB monitor, the client of
'Cpu_session::create_thread' deals with Out_of_caps or Out_of_ram by
upgrading the CPU session's cap and RAM quotas. This, in turn, results
in a sequence of 'transfer_quota' operations at the parent.
Since GDB monitor implements a custom PD service, these 'transfer_quota'
calls try to transfer quota between sessions provided by core and those
provided by the GDB monitor. This does of course not work. To fix this
issue, the GDB monitor needs a major overhaul. This patch side-steps
the problem by handing Out_of_caps and Out_of_ram from the debuging
target.
As discovered by Johannes Kliemann, peeking at buffered socket data
using 'recv' and 'MSG_PEEK' is not supported. Read a "peek" control file
from the socket directory to attempt to peek into buffers at the
socket_fs. Support for every feature of POSIX sockets cannot be
expected, but this one is trivial to implement.
Fix#2875
The driver always opens the audio device in duplex mode, i.e.,
playback and recording. Setting the 'playback' or 'recording' attribute
only influnces the service announcement. Due to changes made in a more
recent OpenBSD release recording must be set enabled explicitly anyway.
Since we already provide the interface that mirrors the one used by
OpenBSD 1:1 in the configuration use that and the remove the additional
config attributes.
Fixes#3757.
The former ldso-startup static library (now called ldso_so_support) is
used to spice each shared object/library with local support code for the
dynamic linker (execution of static constructors and ARM-EABI).
Therefore, the library must be statically linked to each dynamic
library.
As a result recipes for dynamic libraries must always depend on the "so"
API, which makes ldso_so_support.mk and so_support.c available
independent of "base". Additionally, ldso_so_support is also provided in
the libc API to cut the dependency early for libc/posix libraries.
Issue #3720
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
This patch fixes the handling of the corner case where the allocation of
a trace buffer throws 'Out_of_caps' or 'Out_of_ram'. Under this
circumstance, the '_buffer' would still be flagged with the 'size',
which prevented any subsequent allocation attempt. This patch fixes the
problem by initializing the 'size' after the potentially throwing
allocation.
The problem triggered with the test-trace_logger after the accounting of
core's TRACE service (replacing the 'Allocator_guard' by
'Constrained_ram_allocator') became more accurate.
Related to issue #3750
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.
Fixes#3756
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.
The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.
The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.
Fixes#3750
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.
Related to issue #3581
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.
- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
does not exist (yet)
Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.
The patch is accompanied with test cases for exercising both situations.
Fixes#3733
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.
Fixes#3714
On Linux, Genode used to represent each RPC object by a socket
descriptor of the receiving thread (entrypoint) and a globally-unique
value that identifies the object. Because the latter was transferred as
plain message payload, clients had to be trusted to not forge the
values. For this reason, Linux could not be considered as a productive
Genode base platform but remained merely a development vehicle.
This patch changes the RPC mechanism such that each RPC object is
represented by a dedicated socket pair. Entrypoints wait on a set of
the local ends of the socket pairs of all RPC objects managed by the
respective entrypoint. The epoll kernel interface is used as the
underlying mechanism to wait for a set of socket descriptors at the
server side.
When delegating a capability, the remote end of the socket pair is
transferred to the recipient along with a plaintext copy of the
socket-descriptor value of the local end. The latter value serves as a
hint for re-identifiying a capability whenever it is delegated back to
its origin. Note that the client is not trusted to preserve this
information. The integrity of the hint value is protected by comparing
the inode values of incoming and already present capablities at the
originating site (whenever the capability is invoked or presented to the
owner of the RPC object).
The new mechanism effectively equips base-linux with Genode's capablity
model as described in the Chapter 3 of the Genode Foundations book.
That said, the sandboxing of components cannot be assumed at this point
because each component has still direct access to the Linux system-call
interface.
This patch is based on the extensive exploration work conducted by
Stefan Thoeni who strongly motivated the inclusion of this feature into
Genode.
Issue #3581
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.
Fix#3715
The topics are either covered by the Genode Founations book for by our
tools, in particular the integration of the prepare_port mechanism with
the run tool.
- don't use 'qemu -serial mon:stdio' anymore as it no longer works as
expected
- use "bash -l" with [terminal] to read user's profile configuration,
e.g., PATH settings
- added missing boot modules and cap quotas
This commit puts all C++ runtime/support symbols of ld.lib.so in a
dedicated section of base/lib/symbols/ld and mirrors the section to
libports/lib/symbols/libc. So, the libc ABI resolves potential C++
runtime dependencies of base-ABI-agnostic components at link time. The
runtime resolution is done by the linker by symbol lookup in ld.lib.so.
Issue #3720
config_0.xml.tmp:26: element config: Schemas validity error :
Element 'config': Character content other than whitespace is
not allowed because the content type is 'element-only'
Issue #3612
This patch increases the default limit of the maximum number of open
file descriptors to the hard limit of the system. This is needed for
complex scenarios, which require more FDs than the default of 1024
at core.
Related to issue #3581Fixes#3721
This commit fixes a regression introduced by "window_layouter: add
dynamic screen handling", rendering the sub-division of screens in
columns and row unusable. The said commit removed a condition needed
for the correct window placement. This patch restores the condition.
Issues #3646
This patch also introduces the use of the RTC for creating directory
names and increases the rate of snapshot creation from 10 seconds to
one minute to make sure that directories are named differently when
reading the RTC clock at granularity of minutes.
Issue #3696
This patch avoids calls of '__sys_getstatfs' (indirectly via
'getmntinfo'), which does not return any meaningful values in Genode's
libc. Otherwise, the libc's dummy implementation prompts resize2fs to
back out.
Issue #3696
This patch makes the e2fsprogs 'mke2fs' and 'resize2fs' available as
standalone components that can be used by Sculpt OS directly without
a Unix emulation environment.
As a result of the API change the memory handling could be simplified.
Since the Block session dataspace is now directly used for DMA, we
actually only have to provide the memory for setting up PRP lists for
large requests (for the moment more than 8 KiB of data).
As we limit the maximum data transfer length to 2 MiB, we get by with
just a page per request. Those memory is allocated beforehand for the
maximum number of I/O requests, which got bumbed to 512 entries. Since
not all NVMe controllers support such large a maximum data transfer
length and this many entries, especially older ones, the values are
capped according to the properties of the controller during
initialization. (The memory demands of the component are around 3 MiB
due to setting up for the common case, even if a particular controller
is only able to make use of less.)
(Although there are controllers whose maximum memory page size is more
than 4K, the driver is hardcoded to solely use 4K pages.)
In addition to those changes, the driver now supports the 'SYNC' and
'TRIM' operations of the Block session by using the NVMe 'FLUSH' and
'WRITE_ZEROS' commands.
Fixes#3702.
The former scheme left open a race window between
_process_incoming_signals() and wait_and_dispatch_one_io_signal()
resulting in both threads calling block_for_signal() and blocking
forever with one unprocessed signal.
Fixes#3704
This patch adds support for booting base-hw kernel on qemu-arm virt
machines. The arm_virt machine has 2GB of RAM, 2 Cortex A15 cores and
uses GICv2 interrupt controller. The arm_64_virt machine also has 2GB of
RAM, but has 4 Cortex A53 cores and uses GICv3. Both machines use PSCI
to boot additional CPU cores.
Fixes#3673
So far this only exposes two functions allowing the code to turn on
additional CPUs. There is much more functionality defined by PSCI spec
but so far its not needed by Genode.
Fixes#3672
The update modification timestamp is implemented as one-shot where
the caller is expected to try again if the first attempt failed (see
current libc implementation). So the message is misleading as further
attempts might succeed.
Issue #3713.
This patch fixes a regression with run/log_core introduced by
2064ffd64b nova: support multidimensional affinity space
The run tool uses a log message 'run_boot_string' to detect successful
boot as well as to detect unexpected reboots. This message should never
be logged twice and, thus, should not be part of the core_log. The patch
mentioned above moved the former run_boot_string after the core_log
initialization.
This is a follow-up fix for commit 202333c881.
It checks for the diagnostic registers being already setup correctly.
Otherwise on platforms with secure firmware, like Pandaboard it will stuck.
Ref #3639
ASLR collides with the libc's fork mechanism on 32-bit. In particular,
the tool_chain_auto.run scenario would sporadically fail while mirroring
the parent's address space.
Fixes#3710
This is needed to execute the tool-chain scenario on base-nova.
Otherwise, the fork mechanism stumbles upon a region conflict
between ldso allocations and the application heap.
Fixes#3706
This patch reflects the Out_of_caps exception from core to the client,
in addition to the already covered Out_of_ram exception. It thereby
eliminates a potential abort in core, which I observed with the
tool_chain_auto.run script:
Kernel: RPC upgrade_cap_slab
Error: Uncaught exception of type 'Genode::Quota_guard<Genode::Cap_quota>::Limit_exceeded'
Warning: abort called - thread: entrypoint
In addition to propagating the exception, the patch add the client-side
exception-handling code to the base library.
Fixes#3703
This run script is outdated and not regularly tested. In fact, the
tested mechanism (obtaining values from a '.sysctl/' directory) is
nowhere to be found, neither in noux nor the libc. The test still
returns success as it merely checks for the completion of the sequence,
not the printed results. Hence, it is not worth preserving.
Issue #3696
This run script tested the terminal VFS plugin as a new feature of noux.
In the meantime, the plugin remains as the only way for the interaction
of command-line-based applications with the terminal session. Hence,
the mechanism is now stressed by many other scenarios.
Issue #3696
This patch prefixes a few symbols in the make binary that are offered by
both the libc and the make binary. The clash of symbol names produces
confusing runtime linkage otherwise. This becomes a problem during
fork/evecve.
This patch reduces the size of session labels for all services other
than LOG, keeping only the last element. This avoids exceeding the
maximum label length in the presence of deep fork hierarchies, e.g., for
running the tool chain.
Fixes#3700
When the last writer closes the pipe, we must trigger the I/O progress
handler to deliver the final EOF to the client (READ_OK with out count
of 0).
Fixes#3697
This patch replaces the former Noux instance by a sub init that hosts
the combination of VFS + fs_rom + bash. If bash exits, the whole sub
init exits, which implicitly tears down the terminal session used by the
sub init. The latter is expected by the test sequence.
Issue #3696
The tar vfs plugin returns an inode value of zero and a type directory
for null records, which wrongly triggers the file-system loop detection
of the find utility. This patch returns the node pointer as inode value
instead, which is a unique value.
Fixes#3695
This patch changes the 'Single_file_system' to return NO_PERM only if
the to-be-unlinked file corresponds to the single file. This way, a
<rom> co-mounted with a <ram> file-system does not stand in the way of
unlinking files from the <ram>. The concrete symptom occurred the
following scenario:
<vfs>
<dir name="home">
<ram/>
<rom name="..."/>
</dir>
</vfs>
The following sequence of commands wrongly resulted in "Operation not
permitted":
$ mkdir -p /home/a/b/c
$ rm -f /home/a/b/c/d
In this case, rm should not fail (unlink should return ENOENT)
Fixes#3690
When updating the domain object of interfaces that stay with the same domain
during a reconfiguration, until now, the normal "detach raw" function was used.
This caused the old domain object to discard a dynamic IP config as all
interfaces detached. This caused interfaces also to discard network links
established with the old configuration although it wasn't necessary. Thus, now
we use a dedicated "detach" in case that an interface actually stays with its
domain. This new "detach" doesn't decrease the interface counter of the domain,
so, it'll not discard its dynamic IP config. If, however, during a
reconfiguration, there's no interface calling this function (all interfaces
move to another or no domain), the dynamic IP config is still discarded as
expected.
Fixes#3686
Until now, the DHCP client was called also for DHCP requests when an interface
had a domain but yet no IP config. Now, an interface distinguishes between DHCP
requests and replies first and then accordingly calls the DHCP server or the
DHCP client if they're available. This also prevents that the DHCP client has
to handle packet headers other than that of DHCP.
Fixes#3681
Let the DHCP client be a constructible member of Interface that is constructed
only as long as the interface is attached to a domain with a dynamic IP config.
This prevents DHCP client timeouts from a period with dynamic IP config to
trigger after a reconfiguration to a static IP config. Furthermore, handle
DHCP-reply packets at an interface only when the DHCP client its constructed.
Otherwise drop such packets.
Ref #3681
This commit fixes the following issues regarding cache maintainance
under ARM:
* read out I-, and D-cache line size at runtime and use the correct one
* remove 'update_data_region' call from unprivileged syscalls
* rename 'update_instr_region' syscall to 'cache_coherent_region' to
reflect what it doing, namely make I-, and D-cache coherent
* restrict 'cache_coherent_region' syscall to one page at a time
* lookup the region given in a 'cache_coherent_region' syscall in the
page-table of the PD to prevent machine exceptions in the kernel
* only clean D-cache lines, do not invalidate them when pages where
added on Cortex-A8 and ARMv6 (MMU sees phys. memory here)
* remove unused code relicts of cache maintainance
In addition it introduces per architecture memory clearance functions
used by core, when preparing new dataspaces. Thereby, it optimizes:
* on ARMv7 using per-word assignments
* on ARMv8 using cacheline zeroing
* on x86_64 using 'rept stosq' assembler instruction
Fix#3685
This depot package is the runtime for rtc_drv and system_rtc server with
coordinated update of system and hardware RTC via reports. It replaces
drivers_rtc which was never freestanding drivers package and, therefore,
has to be accompanied with a running platform_drv etc.
Fixes#3680
- use two disks with two partitions each
- one disk uses MBR and one GPT
- connect one 'part_block' to each disk
- run 'block_tester' and 'test-block-client' connecting to one partiion
on each disk
- x86 uses 'ahci_drv' as disk back-end, Linux 'lx_block'
- on autopilot enable for Qemu only
issue #3671
Formerly, _next was always updated to the last free'd allocation, which
left large gaps on alloc/free bursts. Now, we try keep allocation
density high from the start of the array and ensure that allocations
happen at the lowest available index in the bit array.
Fixes#3679
The function is exposed in libc headers provided by Genode, the code for
the function is being compiled and actually works, but the symbol is
missing from the symbols file resulting in linking failures. Add it to
the libc symbols file.
Fixes#3676Fixes#3677
This patch increases the Sculpt version to avoid the risk of binary
compatibility clashes with index files published for the just-released
Sculpt 20.02 version.
Without this patch, the text area would mistakenly delete the characters
types after placing the cursor with the mouse as soon as shift is used
as modifier.
- Don't reset sculpt partition on USB changes whenever ram fs is
selected for use.
- Reconfigure runtime immediately when plugging USB devices.
This prevents the usb-block driver and part_block from
dangling in the graph. They disappear immediately now.
This patch restores the anchoring of the popup menu to the original
behavior, placing the popup to the right of the '+' button. The
anchoring got lost due to the recent structural changes of the GUI,
which affect the hover XML structure.
The new implementation relieves the main entrypoint from monitor jobs
for contended lock primitives and is based on custom applicant data
structures, per-lock resp. per-semaphore applicant lists, and a
libc-internal blockade with timeouts based on libc kernel primitives.
This patch makes the 'with_raw_node' method more useful in situations
where content of an Xml_node is fed into an Xml_generator, i.e., the
rules report/rom mechanism of the window layouter.
The applicant_to_wake_up() member must be initialized to 0 to keep the
same semantic as before the change by
"base: add mutex as derivate of lock"
Issue #3662
Be less rigid when checking for available network to support
setups where the uplink or depot repositories are provided by
another source than "wired" or "wifi" NIC services,
e.g., a virtual machine with pass-through network device.
net:
* increase queue size to 1024 (more stable on Linux)
* use mac address from Nic session instead of random one
* handle data that is larger than rx descriptor correctly (copy less)
* clear descriptor header (12 bytes) on rx
generic:
* always use 'avail_idx' (tx and rx)
* added barriers when reading/writing queues (TMP)
Ref #3620
We do not use the VMM with several CPUs until now.
On the other hand there is a dead-lock due to the
generic timer calling the cpu handler function explicitly,
which already holds the lock. For the time-being remove the lock.
Ref #3620
The new text_area component is able to view and edit files.
Internally, it employs a menu_view for the graphics output.
Only basic notepad-like text-editing functions are supported.
At the current time, it is solely meant as a companion of the Sculpt
manager.
Issue #3650
This patch improves the robustness of menu_view when encounting missing
textures, which can happen during development when using styled buttons
and frames. With the patch, menu_view outputs diagnostic messages,
pinpointing the problem.
The patch also updates the texture handling to use the 'File_content'
utility and the VFS for obtaining PNG images.
Issue #3629
This patch allows for the customization of the text color and alpha
value of the label widget by the means of a style-definition file.
The mechanism is exemplified with the new "invisible" label style
that sets the alpha value to zero.
Issue #3629
- use Job API as block connection back end
- use Request_stream API as front end
- use Mmio framework for gpt and mbr parsing
- implement sync correctly
fixes#3652
Generated a separate 'config.h' for arm, arm_64, x86_32, x86_64 for the
current version (6.1.2) of GMP. This became necessary because
configurations differ for each architecture.
'config.h' generaton on x86_64 host in'gmp-6.1.2' directory:
for x86_64 (native):
! configure
for x86_32:
! configure --host=x86-pc-linux-gnu --build=x86_64-pc-linux-gnu
for arm:
! configure --host=arm-linux-gnu --build=x86_64-pc-linux-gnu \
! CC=/usr/local/gcc-linaro-arm/bin/arm-linux-gnueabi-gcc ABI=32
for arm_v8:
! configure --host=aarch64-linux-gnu --build=x86_64-pc-linux-gnu \
! CC=/usr/local/gcc-linaro/bin/aarch64-linux-gnu-gcc ABI=64
issue #3598
This commit adds dynamic switching in between different defined
screens via keyboard shortcuts, or by editing the rules file.
In the window_layouter package it defines per default ten screens,
reachable by pressing the screen key along with numbers 0-9.
Fix#3646
The mutex class is more restrictive in usage compared to
Genode::Lock.
- At initialiation time it is ever unlocked.
- No thread is permitted to lock twice. Warn about it
in case it happens.
- Only the lock onwer is permitted to unlock the mutex.
Warn about it and don't unlock the mutex in case it happens.
Issue #3612
In preparation of ipc receive, by now a bunch of capabilities got
allocated to be ready iin case of capability receiption. After that
unuse slots were freed again. This overhead of senseless (de-)allocations
is replaced in this commit by just restock capability slots that got
used by the last receive.
Fix#3640
Error return codes are used with non-const functions in the signaling modules.
This would have been impractical for the in-place translation of the module to
Ada in the context of the Spunky project. Besides, it is easy to get rid of
them and it makes the execution flow more clear.
Ref #3308
Besides reducing the use of pointers in base-hw, this prepares for the in-place
translation of the signaling module to Ada in the context of the Spunky
project.
Ref #3308
This prevents the use of Kernel::Object as base class for the specific kernel
objects and instead makes it a member of the kernel objects. Besides
simplifying inheritance hierarchies in base-hw, this prepares for the in-place
translation of the signaling module (and others) to Ada in the context of the
Spunky project.
Ref #3308
Besides simplifying the execution flow in the signaling module, this prepares
for the in-place translation of the signaling module to Ada in the context of
the Spunky project.
Ref #3308
This prevents the use of C++ features in the public method interface of the
synchronous-IPC module that would be impractical for the in-place
translation of the module into Ada in the context of the Spunky project.
* Get rid of thread accessor.
* Get rid of non-const functions with return values.
* Get rid of pointer return-values.
Ref #3308
Besides simplifying inheritance hierarchies in base-hw, this prepares for the
in-place translation of the synchronous-IPC module to Ada in the context of the
Spunky project.
Ref #3308
This is a simplication of the asyncronous-IPC module of the base-hw kernel.
Besides structuring the code in a cleaner way, it prepares for the in-place
translation of the module into Ada in the context of the Spunky project.
* Get rid of virtual methods in Ipc_node.
* Move all stuff related to protection domains, capabilities, and UTCBs to
the Thread class. this code might later be moved to a dedicated module, but
for now it's just fine to have it done by the thread module.
Ref #3308
Moved code waking up processors for Cortex A53 before changing privilege
level because sending events to higher privilege levels is not allowed.
Fixed enable_mmu for Cortex A53 to properly return cpu id.
Fixed starting code for secondary cores to properly initialize stacks.
Added code to wake up secondary cores on rpi3.
Ref #3573
We cannot count on the correct initialization of the diagnostic register
of the secondary cores. But the boot core gets initialized by the bootchain,
so we can copy over those values.
Fix#3639
If the root child requests a LOG service with the label "unlabeled" then
return a LOG session that logs unprefixed messages. This allows a external
test controller to recognize log messages produced by a blessed component.
This new attribute can be used to enforce a minimum width in the unit of
the size of the character 'x'. Furthermore, the patch sets the minimum
height of a label to 0 if no 'text' attribute is present. By combining
both features, the label becomes usable as a horizontal spacer.
Issue #3629
This patch refines the hover handling such that a float widget never
responds to hovering unless a child is hovered. This way, it becomes
possible to stack multiple float widgets within one frame and still
reach all child widgets.
Issue #3629
Similarly to the way of how a <cursor> can be defined for a <label>
widget, a selection can be expressed as follows:
<label ...>
<selection at="2" length="12"/>
</label>
Issue #3607
Issue #3629
When setting the <dialog> attribute 'hover_details' to "yes", the hover
report features the character position of a hovered label.
Issue #3607
Issue #3629
This patch equips the label widget with the ability to display a text
cursor, as illustrated by the following example:
<label text="...">
<cursor at="10"/>
</label>
Issue #3607
Issue #3629
The value range supported by the 'Animated_rect' utility is constrained
to 2^11 by the used 32-bit integer type. The interpolation is performed
on fixpoint numbers with a fractional precision of 10 bits. The
non-linear interpolation as performed by the 'Lazy_value' utility
involves squaring the values. Hence, the interpolated integral values
must not exceed 2^11 (2*11 bits for the square plus 10 bit for the
fractional part require 32 bits). This range is too small for
high-resolution displays. Hence this patch replaces the 32-bit integer
type by a 64-bit integer type.
Fixes#3627
The wm used to remember the last pointer position when observing a leave
event. With such a stale pointer position, the wm would eventually
wrongly create an artifical motion event when a supposedly hovered
window changes its position (during an animated move). This can lead to
the propagation of the stale pointer position to the wm client, which,
in turn, may interpret the outdated position (e.g., the menu view would
report a wrong hover state).
This patch removes the stale state by resetting the '_pointer_pos' when
observing a leave event.
Fixes#3632
When specifying "/" or "" as rel_path to the 'Directory' constructor,
the constructed directory should refer to the same directory. The
implementation of the join utility did not consider this corner case. It
occurred during the attempt to use fs_query with "/" given as path.
This patch also adds a Directory::Entry::dir accessor that returns true
if the entry is a directory.
Fixes#3630
By writing out all dangling characters at destruction time, the
'Buffered_output' utility can be used as a local variable rather
than a long-living object.
Besides updating to a newer version the update adds the AC97 ICH driver
and addresses shortcomings with the OpenBSD emulation environment:
* Fix 'delay(9)' implementation - it now properly uses 'us' as unit,
which results on faster initialization of the drivers.
* Fix LOG output that got lost during commit f23579532 and bring over
the printf implementation from dde_linux for more structured
printing.
* As said the driver now recognizes the AUICH devices. So far it was
only tested with the device model in VirtualBox where it produces
stuttering audio, investigating the cause is still ongoing.
Fixes#3641.
- Remove dated 'Block::Driver' front end and implement
'Block::Request_stream' front end
- Remove all dynamic memory allocations but DMA memory allocations
- Remove 'Platform_hba' and implement platform specific functions in
'spec/<platform>/*'
- Ata and Atapi don't inherit from 'Port' any more, but are a member of
'Port' as a protocol implementation
- Use platform driver for MMIO mappings (x86)
- Exchange stateful initialization of Ata/Atapi with a sequential
initialization using 'wait_for_any' and 'retry' patterns
- Fix Atapi initialization by setting the byte count limit
- Set FIS receive base only when Cmd::FRE is disabled and Cmd::FR is 0
- Put everything in namespaces ('Ahci', 'Ata', or 'Atapi')
- Ata decides during read/write operations to use native-command queuing
or normal DMA requests
- Remove port claiming logic (is now done via 'Constructibles')
fixes#3636
The libc monitor facility enables the execution of monitor jobs by the
main thread when the monitor pool was charged. In comparison to the
current suspend/resume_all mechanism the main thread iterates over all
job functions in contrast to waking up all threads to check their
conditions by themselves. Threads are only woken up if the completion
condition was met.
This commit is the result of a collaboration with Christian Prochaska.
Many thanks for your support, Christian.
Fixes#3550
sleep(), usleep(), and nanosleep() now return immediately on
zero-timeout. Also, non-zero timeouts sleep at least 1 ms (the current
minimal timeout in libc), which compensates rounding errors.
Issue #3550
The ARP destination MAC was set to the Ethernet source MAC which is not
necessarily the MAC of the other ARP peer. Instead use the ARP source MAC of
the ARP request.
Instead of listening for new TCP/IP connections only,
the TCP terminal connects to a server when an IP address is
configured in the policy for a terminal client.
Fix#3619
If the suspend method for the main thread detects that the suspend
condition is false it must return the passed timeout value (not always
0). Otherwise, the caller may incorrectly assume the timeout expired.
Especially the initial reset ended up with an unusable keyboard in rare
cases before. This commit disables keyboard and mouse handling of i8042
during command sequences according to a note from
https://www.win.tue.nl/~aeb/linux/kbd/scancodes-12.html
The new utility can be used to revert quoted XML attribute values.
Such quoting is needed whenever an attribute value can contain '"'
characters. E.g., in the menu_view's <label text="..."> widget.
Issue #1757
If the ROM service returned in invalid dataspace, reflect this condition
via a size of zero instead of triggering an exception of type
'Reconstructible<Attached_dataspace>::Deref_unconstructed_object'.
Issue #3606
An invalid ROM dataspace can occur, for example, when requesting a ROM
from the report_rom service before the first report was posted. Such a
<rom> node can still be useful if it's dynamic. E.g., it can be watched.
Hence, the corner case of an invalid ROM dataspace should be gracefully
handled instead of causing an abort.
Issue #3606
This patch adds a special variant of a 'Content_producer' called
'Xml_producer', which allows the direct use of an 'Xml_generator'
for generating the ROM-module content.
This patch extracts the child-management functionality from the init
component into a new library called "sandbox". The library API is
located at 'os/include/os/sandbox.h'.
The sandbox API allows for the interaction of the component with the
sandboxed children by providing locally implemented services. This
mechanism is illustrated by the new test at os/src/test/sandbox.
Issue #3601
This patch extends the 'Buffered_xml' utility with a new constructor
that fills the buffer with the output of an 'Xml_generator'. It thereby
presents an easy way to generate XML to be consumed locally.
The patch also add a deprecation mark to the original 'xml' accessor
because copying 'Xml_node' objects (here as return value) is dangerous.
The new 'with_xml_node' method should instead be used to access the XML
content stored in the buffer.
Fixes#3602
The XML parser used to rely in C++ exceptions while parsing, which is an
artifact from the initial implementation. This patch reworks the code such
that exceptions are avoided in the common cases.
Fixes#3605
Replace return values with appropiate bool and document two-staged
publickey authentication. This fixes a bug where wrong authentication
attempts are not properly denied.
Issue #3590.
Adding an explicit check clarifies at the first glance that the array
bounds are respected without needing knowledge about MAX_CAPS_PER_MSG
and L4_UTCB_GENERIC_DATA_SIZE (used for dimensioning 'mr').
This patch changes the code of '_alloc_two_blocks_metadata' to not
leak the result of a partial allocation in the out parameters of
the method. This eases the reasoning about the absence of a
use-atfer-free problem (there was none).
With the '-x' argument of the 'g++' tool the language gets specified,
therefore it has to be 'c++' furthermore, not CUSTOM_HOST_CXX. Moreover,
when import-lx_hybrid.mk gets evaluated first, global.mk is not included
yet, therefore we cannot eagerly evaluate the CXX_LINK_OPT_NO_PIE variable.
Issue #3466
server.h:51:12: warning: ‘int write_avail_cb(socket_t, int, void*)’
declared ‘static’ but never defined [-Wunused-function]
This patch fixes the warning by moving the user of 'write_avail_cb' to
the compliation unit that defines it.
Even though the call of map.metadata is known to always return a valid
pointer (because the meta data is assigned in the code just above),
better add an explicit nullptr check.
`volatile` effectively prevents instruction reordering by the compiler
and fixes an issue with -O3 compiled components.
Note, this commit does not address further arguments regarding memory
barriers and volatile voiced in issue #693.
Issue #693
Incoming ACK packets for sent data packets may be the only unblocker for
suspended write/send loops. This patch informs VFS users about I/O of
VFS handle on successfully sent packets.
Store errno in pthread objects, return member upon call to '__error()'.
This became necessary in order to make errno thread-safe.
Note, any call to libc code from a non-pthread (beside the first
entrypoint) is not supported.
issue #3568
- Stop refreshing if all CPUs go to sleep, also in text mode.
- Any input resets update rate to 100Hz in graphic mode, which gets
decreased step by step down to 25Hz if no input is available (looking video
without input by user).
Fixes#3576
This commit uses CUSTOM_HOST_CC/CUSTOM_HOST_CXX instead of hardcoded
commands and introduces HOST_DEV_PREFIX.
Original patch by Roman Iten and Pirmin Duss.
Issue #3466
This is important to issue sync requests for written-to files.
As the closing must be performed by an atexit handler, it happens at a
time _after_ libc plugins are destructed. Consequently an FD allocated
by such a plugin results in a close error, which in turn, does not
destruct the FD. We ultimatedly end up in an infinte loop of
re-attempting the close. For this reason, the patch changes 'close' to
be robust against this special case.
This is generally not a problem because libc plugins are phased out.
However, at present, the libc_noux plugin is still important. With the
changed 'close' in place, there occurred an error message "Error: close:
close not implemented" at the exit of each noux program. This patch
removes the error printing from the libc plugin mechansim to avoid this
noise. The error messages are not important anyway because the
deprecation of the libc plugin interface.
Issue #3578
The getpeername function is provided only by the socket fs.
In the case where the socket fs is not configured, return an appropriate
errno instead probing for a libc plugin (there is none).
Issue #3578
This patch removes the global variable 'blocker', which was expected to
be constructed via the global ctors. This mechanism, however, is not
used for the base library, which resulted in the use of an unconstructed
object. Specifically, the spinlock of the 'Lock' of the 'Registry'
defaulted to the LOCKED state (value 0), which eventually would lead to
a deadlock in the contention case of the cxa guard.
I could observe this deadlock once on during the component startup on
base-linux during the construction of the 'startup_lock'.
This patch fixes the problem by explicitly initializing the registry
of blockers via an init function.
Issue #2299
Issue #3578
- Close FDs marked with the close-on-execve flag
(needed for 'make', which sets the flag for the pipe-in
FD of forked children)
- Update binary name on execve to use as ROM for subsequent fork
- Enable vfork as an alias for fork (needed by make)
- Purge line buffers for output streams during execve because they
may be allocated at the allocation heap, which does not survive
the execve call.
- Consider short-lived processes that may exit while the parent still
blocks in the fork call.
With these changes, the website generator of genodians.org works without
the need for the Noux runtime.
Issue #3578
This restores behavior introduced in
commit cb232891bf
Author: Norman Feske <norman.feske@genode-labs.com>
Date: Tue May 10 11:55:25 2016 +0200
Fix noux.run on base-linux
but removed by issue #2829.
Related to issue #1938
fd > FD_SETSIZE cannot use 'select' or 'poll' within our libc.
Therefore, we added a bit allocator in order to allocate fd < FD_SETSIZE
(1024).
fixes#3568
From the man page of expect:
> Both expect and interact will detect when the current process exits
> and implicitly do a close. But if you kill the process by, say, "exec
> kill $pid", you will need to explicitly call close.
Fixes#3569
This patch is a follow-up fix for "ttf_font: prevent out-of-bounds
access", which produced sporadic single-pixel artifacts with large font
sizes, e.g., with the monospaced font set to 24px in Sculpt.
The artifacts occurred only for some horizontal sub-pixel positions, in
combination with the font cache, and after the rendering of '>'
characters. They were ultimately caused by the missed clearning of the
first pixel of a glyph where x0 is 1 (e.g., the character 'd'). In this
case, a pixel from the previously evicted cache entry (the '>') shined
through. The patch fixes the problem by clearing the glyph starting from
the first, not the x0's, pixel.
Fixes#3567
This test covers the situation where depot_query evaluates depot content
that is incompletely extracted. In particular, if the 'archives' file
already exists but has a size of zero, depot_query would produce a
page fault. This situation can be manually provoked by deliberately
creating a zero-sized archives file for any otherwise correct pkg.
This patch also fixes the success indicator of the test. It wrongly
matched an early line of the log output.
Issue #3557
* The log history of a test is stored as a whole for the lifetime of the test.
* Matching of the log history against log patterns is done correctly now
(previously, a pattern like "AAB" on an input like "AAAB" wouldn't have
triggered).
* Use memcmp, memcpy, memmove instead of the former character-wise operations.
* Sanitizing of log input and log patterns now works more generic through the
new Filter class for all replacements/removals.
* Sanitizing is done as soon as a string is available and remains for the
lifetime of the test.
* Sanitizing doesn't interfer with the matching algorithm.
* Decomposing into small clearly named functions.
Ref #3555
Make sure timers run at the same priority as component threads, otherwise
no timer progress can be made. See 'rtTimeNanoTSInternalRef' (timesupref.h)
and 'rtTimerLRThread' (timerlr-generic.cpp).
This is a follow-up patch for "noux: don't update mtimes for read-only
files". It eliminates warning messages during Sculpt's prepare step when
'cp' tries to update the mtimes of the source files.
When copying config/managed/deploy to config/deploy, the latter may
temporarily result in an empty configuration. Such an intermediate
state should be ignored to keep the currently running scenario in tact
instead of restarting it.
This patch addresses a corner case where the nitpicker focus is not
solely defined by mouse clicks or (exclusively) by a window manager, but
by a policy component that takes mouse clicks and other policy (e.g.,
a lock screen) into account. It ensures that each click that follows a
focus change (however initiated) results in a new "clicked" report even
when the report looks the same. To allow the policy component to
uniquely distiguish subsequent reports, the report features a new
'version' attribute.
Fixes#3493
This is a follow-up patch for issue #1784 that solves two
inconsistencies.
- The Vfs::Timestamp::INVALID matches File_system::Timestamp::INVALID
- The Noux libc plugin tests for Timestamp::INVALID instead of a
positive value.
The patch fixes the mtime info as shown in directory listings in
Sculpt's inspect window.
This patch let the VFS server reflect the session policy via the
writeable bit in directory entries instead of merely forwarding the bit
from the respective VFS plugin. This way, all files originating from a
read-only file-system session automatically appear in directory listings
as read-only files.
Related to issue #3507
required due to pthreads becoming/are an integral part of the libc now.
Commit avoids libc error:
Error: libc suspend() called from non-user context (0xaf5c784) - aborting
Issue #3550
'dlopen' causes the ldso to open ROM connections, right now we only
support single file names for these ROM not paths. Therefore, we extract
the file name from path within libc's 'dlopen'
fixes#3551
This is an intermediate fix to handle sends to sockets shut down by the
peer already. A final fix in the libc would add support for the
MSG_NOSIGNAL send flag, generate SIGPIPE, and return the expected EINTR.
Then this patch is no longer required.
This commit also drops the obsolete patch for missing
sysconf(_SC_NPROCESSORS_ONLN), which is now part of libc.
The VFS server as reworked in issue #3547 responds to such an attempt
with a failure as acknowledgement, triggering the client-side error
"Error: packet operation=2 failed" at noux.
This patch prevents the driver from translating Insufficient_ram_quota
and Insufficient_cap_quota exceptions to Service_denied exceptions at
session-creation time. This enables the client to respond to such a
condition by retrying the session creation with increased session quota.
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.
In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.
The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.
Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.
Fix#2303
This patch reworks the VFS server to become easier to understand.
- The packet-stream handling is hidden from the node types.
- Introduced the notion of a "job" as an abstraction from the raw packet
stream.
- The processing of requests is split into three phases:
(1) accepting new jobs,
(2) the execution of jobs, and
(3) the delivery of acknowledgements.
- There is no longer a global fifo of pending nodes. Instead, each
session has a fifo of "active" nodes, which are nodes that wait
for the completion of jobs.
- The Io_node type no longer uses virtual functions as hooks for
the derrived classes. Instead, it provides a number of utility
functions.
- The control flow of the 'Io_progress_handler' is now the same as
for the session-local packet-stream handler.
- Removed dependency from 'file_system/node.h', which is a relic
from the ram_fs.
While reworking the code, the following semantic changes were made
additionally.
- The handling of SEEK_TAIL no longer overwrites the file content at the
end of the file.
- Removed diagnostic message at session-creation time.
- Write loop for continuous files
Issue #3547
Issue #2303
This patch reduces the debug noise for the prominent case of executing
bash with coreutils. Without it, the forked process will always ask for
more RAM immediately when starting up.
This change allows for the conversion of directory entries in place
(i.e., in the VFS server) and anticipates the potential future merge of
both types into one.
Issue #3547
This patch improves the libc's write operation to iterate on partial
writes to continuous files until the original write count is reached.
The split of large write operations into small partial writes as
dictated by the VFS infrastructure (e.g., constained by I/O buffer
sizes) becomes invisible to the libc-using application.
Issue #3507
Issue #2303
Make sure that at least entry is present in the .dynamic section, so the
PT_DYNAMIC segment points to something valid in case there are no
dynamic symbols.
issue #3537
This patch adds the ability to call 'kill' with the own PID to trigger
the execution of the handler of the specified POSIX signal. This is used
by 'bash', e.g., when cancelling the input of a command via control-c.
Related to issue #3546
This patch equips the VFS terminal file system with the ability to
detect user interrupts in the incoming data stream, and propagate this
information via the new pseudo file '.terminal/interrupts'. Each time,
the user presses control-c in the terminal, the value stored in this
pseudo file is increased. Thereby, a VFS client can watch this file to
get notified about the occurrences of user interrupts.
Fixes#3546
The scratch buffer is now allocated from the heap and is shared
between the test as they are executed in a serial fashion. This
change saves memory as the test are constructed at start-up.
Fixes#3539.
This patch adds support for watch notifications for the
'Readonly_value_file_system', which is often used by VFS plugins to
implement pseudo files. It thereby enables VFS clients to respond to
VFS-plugin events (think of terminal resize) dynamically.
Fixes#3523
As genode.org site is now protected by TLS and unencrypted site
is redirected to enctypted one, download URL should be modified
to reflect this change.
Without this change, wget downloads just index.html file.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3538
It runs pretty well on Raspberry Pi, for example.
Leaving this scenario limited to x86 for autopilot runs only.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3536
Prevents integration failures like follows if the libraries were not
built already in the build directory.
Missing boot modules: libm.lib.so posix.lib.so
Makefile:323: recipe for target 'run/lwip_lx' failed
Passing array of unsigned chars to Genode::log() function
makes it converted to void pointer, resulting in printing its address.
Wrapping this array into Genode::Cstring solves this problem
and makes it being printed properly as zero-terminaled string.
Signed-off-by: Oleg Girko <ol@infoserver.lv>
Fixes#3530
Uplink labels were stored in the uplink objects as reference. As uplink objects
may be re-used on re-configuration to avoid unnecessary closing and re-opening
of NIC sessions, the label reference could get invalid as the object that
stored the label content didn't get re-used. Thus, the label is now copied to
the uplink object.
Fixes#3529
This adds two new boolean attributes to the <report> tag of the NIC router
configuration 'link_state' and 'link_state_triggers'. The former decides
whether to report the link state of each NIC interface (downlink, uplinks) at
the NIC router. The other decides whether to trigger reporting each time the
link state of an interface changes.
Fixes#3527
If a MAC address was once allocated for a downlink and during the further
creation of the downlink an exception caused the creation to be aborted, the
NIC router didn't free the MAC address again.
Ref #3525
The handling of exceptions during session creation implies freeing and
detaching the RAM DS behind the session env and session component. But this
was done using the session env located in the same RAM DS, which must
lead to problems. Now, the session env from the RAM DS is copied to the stack
and the operations are done on this temporary instance instead.
Ref #3525
When the construction of a member of Packet_stream_*::Rpc_object after
the _cap member threw an exception, the object was not dissolved from
the entrypoint although the Rpc_object vanished at this point. This was
because the call to 'manage()' happened in the initializer list (for the
_cap member instantiation). The destruction of the _cap member then did
not dissolve the object.
This first fix moves the call to 'manage()' into the constructor body
after the instantiation of all other members. A more sophisticated fix
would use some kind of 'Managed_object' life-time guard that manages an
object on construction and dissolves on destruction.
Ref #3525
When re-configuring a domain from using a static IP config to using a dynamic
IP config, attached interfaces didn't react with doing DHCP discover. This bug
is fixed now and the nic_router_flood test was adapted in a way that it tests
the described behavior.
Fix#3518
This patch introduces a new scheme of handling ioctl operations that
maps ioctls to pseudo-file accesses, similar to how the libc maps socket
calls to socket-fs operations.
A device file can be accompanied with a (hidden) directory that is named
after the device file and hosts pseudo files for triggering the various
device operations. For example, for accessing a terminal, the directory
structure looks like this:
/dev/terminal
/dev/.terminal/info
The 'info' file contains device information in XML format. The type of
the XML node corresponds to the device type. E.g., If the libc receives
a 'TIOCGWINSZ' ioctl for /dev/terminal, it reads the content of
/dev/.terminal/info to obtain the terminal-size information. In this
case, the 'info' file looks as follows:
<terminal rows="25" columns="80/>
Following this scheme, VFS plugins can support ioctl operations by
providing an ioctl directory in addition to the actual device file.
Internally, the mechanism uses the 'os/vfs.h' API to access pseudo
files. Hence, we need to propagate the Vfs::Env to 'vfs_plugin.cc' to
create an instance of a 'Directory' for the root for the VFS.
Issue #3519
The run script used to be the only user of the fatfs_fs server, which
we're going to remove. This patch removes the components for accessing a
real storage device and file system from the run script. The new version
just uses ram_fs.
Issue #3512
Nowadays, we use standard command-line tools like vim to edit init
configurations dynamically, which alleviates the need for a custom CLI.
The CLI-monitor component was too limited for use cases like Sculpt
anyway.
The patch also removes the ancient (and untested for long time)
terminal_mux.run script, which used to be the only remaining user of the
CLI monitor.
Issue #3512
This driver manually checks if the RAM quota is big enough for the
Lan9118 nic session component. The problem is Root_component::_create
from which Root_component::_create_session gets called does already
check this. No need to account for it twice.
Fixes#3514
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:
- Distinction between continuous and transactional files (Node_type)
(issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
replacing the former 'mode' bits
(issue #3030)
The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.
This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
Moving the handling into the input-session clients enables more
sophisticated implementations (like Qt5) to apply key-symbol based
handling of those modifiers like correct CTRL-A with QWERTY and AZERTY
layouts and distinction of CTRL-J and Return.
Issue #3483
The API still exports 32-bit address and size values only, which works
as the actual MMIO resources are allocated in platform_drv internally.
Fixes#3494
Map ACPI tables entirely as one dataspaces (not page-by-page). Note, the
current approach does only merge overlapping but not consecutive I/O
memory regions, which would reduce the amount of capabilities required
even further.
Fixes#3495
With the added modification-time support in the libc, the extract tool
requires a timer session, which is not plausible for the purpose of the
program.
This behavior stems from the fact that the libc implicitly writes the
mtime when closing a written file. For this update, it implicitly calls
'clock_gettime', which in turn initializes the timer subsystem within
the libc (creating a timer session).
For the extract tool, the implicitly updated mtime is useless because
the extract tool overwrites this modification time with the mtime stored
in the archive anyway. However, the dependency from a timer service
remains.
This patch explicitly disables the libc's implicit updating of the
file-modification when closing a written file.
Issue #1784
By specifying <libc update_mtime="no"...>, the modification-time update
on VFS-sync operations (as issued whenever a written file is closed)
can explicitly be disabled.
Issue #1784
... and set initial time by using RTC session.
Up to now Noux used a monotic clock whose initial start value always
was '0' (which correlates to the start of the UNIX epoch) to provide
a notion of time. In addition it is now possible to use the RTC
session to set the initial value for use cases where having a proper
real-world time matters.
To use the RTC session the 'rtc' attribute of the '<config>' node
must be set to 'yes'. Thereby the session becomes a mandatory
dependency as Noux will not start without it.
Issue #1784
This patch complements the commit "libc: execve" with the ability to
execute files stored at arbitrary sub directories of the file system.
Issue #3481
Issue #3500
This patch removes ldso's builtin policy of removing any path elements
prepending the ROM module name. Instead, the ROM name is used as is.
This clears the way to access different ROM modules that share the same
name but are stored at different directories behind an fs_rom (e.g.,
/bin/bash vs. /usr/local/bin/bash).
Issue #3500
This patch replaces the naive dup2 implementation (that merely
duplicated the context pointer) by the replication of the original
FD state by re-opening the same file with the same flags and seek
position. This prevents a potential double release of the VFS handle
(the FD context). It also implements 'dup'.
Fixes#3505Fixes#3477
- Eliminate call of global libc_config()
- Remove dynamic memory allocation, const cast
- Prepare for moving the state from compilation unit to header
- Fix run/libc_getpwent.run
Issue #3497
This patch unifies the patterns of using the 'Genode' and 'Libc'
namespaces.
Types defined in the 'internal/' headers reside in the 'Libc'
namespace. The code in the headers does not need to use the
'Libc::' prefix.
Compilation units import the 'Libc' namespace after the definition of
local types. Local types reside in the 'Libc' namespace (and should
eventually move to an 'internal/' header).
Since the 'Libc' namespace imports the 'Genode' namespace, there is
no need to use the 'Genode::' prefix. Consequently, code in the
compilation units rarely need to qualify the 'Genode' or 'Libc'
namespaces.
There are a few cases where the 'Libc', the 'Genode', and the global
(libc) namespaces are ambigious. In these cases, an explicit
clarification is needed:
- 'Genode::Allocator' differs from 'Libc::Allocator'.
- 'Genode::Env' differs from 'Libc::Env'.
- Genode's string functions (strcmp, memcpy, strcpy) conflict
with the names of the (global) libc functions.
- There exist both 'Genode::uint64_t' and the libc'c 'uint64_t'.
Issue #3497
This patch is the first step of re-organizing the internal structure of
the libc. The original version involved many direct calls of global
functions (often with side effects) across compilation units, which
made the control flow (e.g., the initialization sequence) hard to
follow.
The new version replaces those ad-hoc interactions with dedicated
interfaces (like suspend.h, resume.h, select.h, current_time.h). The
underlying facilities are provided by the central Libc::Kernel and
selectively propagated to the various compilation units. The latter is
done by a sequence of 'init_*' calls, which eventually will be replaced
by constructor calls.
The addition of new headers increases the chance for name clashes with
existing (public) headers. To disambiguate libc-internal header files
from public headers, this patch moves the former into a new 'internal/'
subdirectory. This makes the include directives easier to follow and the
libc's source-tree structure more tidy.
There are still a few legacies left, which cannot easily be removed
right now (e.g., because noux relies on them). However, the patch moves
those bad apples to legacy.h and legacy.cc, which highlights the
deprecation of those functions.
Issue #3497
- readv_writev: move 'rw_lock' instance into a function scope,
constructing the instance on the first access.
- select: move 'select_cb_list' instance into function scope.
- thread: move 'key_list_lock' and 'keys' into function scope.
- rwlock, semaphore, socket_fs_plugin, thread, thread_create:
instantiate 'Libc::Allocator' per use, alleviating the need for a
global instance.
Issue #3496
Implement getifaddrs and freeifaddrs within the libc using socket
control files at the VFS. Add an "address" and "netmask" file to the
lwIP plugin.
Only a single IPv4 address is initially supported, and the broadcast
address returned will never be valid.
Fixes#3439
This adds complete character-generator configurations for English (US),
German (Germany and Switzerland), and French (France and Switzerland).
The configs are manually amended and stripped-down versions of
xkb2ifcfg generated configs.
Issue #3483
The Press event is actually a Press_char event with a default codepoint.
The default codepoint is now
Codepoint { Codepoint::INVALID } /* value 0xfffe */
in contrast to
Codepoint { Input::Event::INVALID } /* value 0 */
Issue #3483
This patch implements 'execve' in Genode's libc.
The mechanism relies on the dynamic linker's ability to replace the
loaded binary while keeping crucial libraries - in particular the libc -
intact. The state outside the libc is wiped. For this reason, all libc
internal state needed beyond the 'execve' call must be allocated on a
heap separate from the application-owned malloc heap. E.g.,
libc-internal file-descriptor objects must not be allocated or refer to
any memory object allocated from the malloc heap.
Issue #3481
The allocation of regions within the linker area is normally left to the
best-fit 'Allocator_avl', which happens to populate the linker area
starting with the binary followed by all loaded libraried with no gaps
in between.
When replacing the binary during execve, however, we need to ensure that
the new binary does not conflict with any library that stays resident
during execve. This patch tweaks the linker's region allocation scheme
such that these libraries are placed at the end of the linker area.
Issue #3481
This patch extends the interface of the dynamic linker with the ability
to replace the running binary executable by another one. It is
designated for the implementation of execve. The interface consists of
two new functions.
'Dynamic_linker::keep' marks the specified shared object as unloadable.
This can be used to pin a set of libraries (i.e., the libc) within the
local address space while replacing the binary and other higher-level
libraries.
'Dynamic_linker::respawn' unloads the current binary, loads the one
specifed as first argument, and looks up the entry point symbol of the
new binary, which would be "main" for POSIX programs.
In addition to implementing the new interface, the patch adjusts the
linker at various places that previously assumed the binary to be
constant over runtime.
Issue #3481
This patch is a follow-up commit for "ld: load dynamic linker at static
address on Linux". It suppresses the stderr output of 'dd' when marking
the ELF binary as executable.
Issue #3479
This patch enables the fork.run script to run on base-linux. It should
be regarded as an interim solution, however, because the randomization
performed by the Linux kernel may still - by chance - produce a
situation where one of the libc's malloc heap regions intersects with
another dataspace dynamically attached to the child.
The better solution would be to make the 'Region_map_mmap'
implementation not depend on the kernel's allocation policy by using a
locally implemented allocator.
Issue #3478
This patch extends the fork test with explicit checks for the cloned
content of the heap and RW segment as well as the seek position of an
open file descriptor. It adds the new libports/run/fork.run script
that exercises the fork mechanism implemented by the libc. It is based
on noux_fork.run, which tests the mechansim provided by noux. The
test program has been moved from ports to libports.
Issue #3478
The libc already supports the configuration of 'stdin', 'stdout', and
'stderr' using '<libc>' config attributes. This patch equips the libc
with the additional ability to pre-initialize any other file descriptor.
A file descriptor is configured as follows:
<config>
...
<libc ...>
<fd id="3" path="/dev/log" writeable="yes" readable="no" seek="10"/>
...
</libc>
</config>
Furthermore, this patch moves the FD initialization code from the VFS
plugin to the libc kernel initialization because opening the FDs
depends on 'malloc' ('strdup'), which should not be used at early
'Libc::Kernel' initialization time.
Issue #3478
This patch replaces the former use of an Allocator_avl with the Id_space
utility, which is safer to use and allows for the iteration of all
elements. The iteration over open file descriptors is needed for
implementing 'fork'.
Issue #3478
The new 'Heap::for_each_region' method provides information about the
heap's used virtual-memory regions. This method allows for the
mirroring of the heap state as needed by 'fork'.
Issue #3478
By specifying the config attribute 'check_ctors="no"', the dynamic
linker won't abort the program on a missing call of
'Env::exec_static_constructors'. This is the case for forked programs
where the ctors were already executed by the forking program prior the
fork operation.
Issue #3478
This patch enhances the 'base/shared_object.h' interface of the dynamic
linker with the function 'for_each_loaded_object', which allows the
caller to obtain information about the currently loaded binary and
shared libraries.
The new interface is a base mechanism needed for implementing 'fork' in
the libc.
Issue #3478
By using Genode::strncpy instead of the libc's strncpy, we cannot end up
in the situation where the result lacks the zero termination (where the
number of charactors equals the destination buffer size).
This patch handles the case where a PD's cap quota becomes exhausted
on the attempt to transfer caps via 'Env::pd().transfer_quota'. The
solution mirrors the existing code for RAM quota.
Prior this patch, the 'transfer_quota' operation would trigger an
'Out_of_caps' exception.
