- Added 'io_buffer' attribute, default is 4M
- Added 'batch' attribute, specifying the number of jobs used
in parallel, default is 1 (sequential)
- Removed 'synchronous' attribute (use batch of 1 instead)
- Added 'copy' attribute (default "yes")
- Print number of signals ("triggered")
Issue #3283
This patch equips the 'Block::Connection' with a framework API for the
implementation of robust block-session clients that perform block I/O in
an asynchronous fashion.
An application-defined 'JOB' type, inherited from 'Connection::Job',
encapsulates the application's context information associated with a
block operation.
The lifecycle of the jobs is implemented by the 'Connection' and driven
by the application's invokation of 'Connection::update_jobs'. The
'update_jobs' mechanism takes three hook functions as arguments, which
implement the applications-defined policy for producing and consuming
data, and for the completion of jobs.
Issue #3283
As a preparatory step for introducing the new block-client API, we have
to turn the 'Block::Connection' into a class template. The template
argument will be used to tie an application-defined job type to the
block connection.
Issue #3283
Instead of using `cps` instruction, use an exception return
instruction to switch from `hyp` mode to `svc` mode.
Otherwise it causes unpredicted behaviour on ARM.
Fix#3284
This patch adds support for manually triggering the wakeup of the packet
sink by the source. This way, a packet source becomes able to marshal
batches of submissions or unmarshal batches of acknowledgements before
yielding the control over to the sink.
Issue #3283
Issue #3111
remove_range may deny to the job on memory pressure or insane ranges,
which ends up in an endless loop when the Avl allocator is in destruction.
Since the Avl gets destructed, solely the memory free up is of importance,
not the correct range adjustments during remove_range.
Track the dataspaces used by attach and add handling of flushing VM space
when dataspace gets destroyed (not triggered via the vm_session interface).
Issue #3111
Handles corner case when addr + size becomes exactly 0. Before the commit
the function returned that sum is not part of the range, which is wrong.
Issue #3111
This patch removes the blocking Block::Session::sync RPC function and
adds the asynchronous operations SYNC and TRIM to the block session's
packet-stream interface.
Even though the patch adjusts all block components to the interface
change, the components keep the former blocking handling of sync
internally for now because of the design of the 'Block::Driver'
interface. This old interface is not worth changing. We should instead
migrate the block servers step by step to the new
'Block::Request_stream' API.
Fixes#3274
The new request tag allows a block-session client to uniquely correlate
acknowledgements with outstanding requests. Until now, this was possible
for read and write operations by taking the value of the request's
packet-stream offset. However, SYNC and TRIM requests do not carry any
packet-stream payload and thereby lack meaningful offset values. By
introducing the notion of a 'tag', we can support multiple outstanding
requests of any type and don't need to overload the meaning of the
'offset' value.
Issue #3274
This patch splits the 'Request' definition into smaller types that are
suitable for the client-side API too.
The new 'Operation' type comprises the block operation's type (opcode)
and the operation's arguments (block number, block count).
The former 'Request::operation_defined' is now 'Operation::valid'.
The 'Request' aggregates an 'Operation', which changes its object
layout.
Note that this commit relaxes the bit-precise definition of 'Request' to
facilitate the use of 'unsigned long' where appropriate, in particular
for the request tag (which should correspond to an 'Id_space::Id'). The
originally bit-precise definition was pursued to allow the sharing of
the 'Request' type between SPARK and C++ code. However, it turns out
that defining a native type in each language and a (set of) converting
constructors is a more natural approach.
Issue #3283
When receiving a terminal signal, the uart device model has to
take all characters out of the stream. Otherwise, characters
might never arrive at the VM. This was not recognized before,
because it was used with a quite slow UART only, which obviously
never achieved to send more characters at once.
Ref #3278
A small terminal-client tool, which expects a specific line(-start),
and then sends a specified line to the other side. Optionally,
it prints all received lines to its LOG service.
Ref #3278
- sorting of initializer by Christian Prochaska - issue #3253
- leak of FPU register state reported by Julian Stecklina - thanks !
- fix page table synchronization bug - by Julian Stecklina
- add a second dynamic buddy if the memory requirements could not be fulfilled
by the first dynamic buddy
- disable vtlb peek if EPT/NPT is enabled
This patch renames 'wakeup_client' to 'wakeup_client_if_needed' to
clarify that the method triggers signals only when needed, not on every
call.
The name 'wakeup_client' is prone to misguide users to call the function
conditionally as an optimization, thereby complicating the code, but to
no effect.
Fixes#3279
This patch replaces the formerly fixed 2 KiB data alignment within the
packet-stream buffer by a server-defined alignment. This has two
benefits.
First, when using block servers that provide small block sizes like 512
bytes, we avoid fragmenting the packet-stream buffer, which occurs when
aligning 512-byte requests at 2 KiB boundaries. This reduces meta data
costs for the packet-stream allocator and also allows fitting more
requests into the buffer.
Second, block drivers with alignment constraints dictated by the
hardware can now pass those constraints to the client, thereby easing
the use of zero-copy DMA directly into the packet stream.
The alignment is determined by the Block::Session_client at construction
time and applied by the Block::Session_client::alloc_packet method.
Block-session clients should always use this method, not the 'alloc_packet'
method of the packet stream (tx source) directly. The latter merely
applies a default alignment of 2 KiB.
At the server side, the alignment is automatically checked by
block/component.h (old API) and block/request_stream.h (new API).
Issue #3274
This patch modernizes the 'Block::Session::info' interface. Instead of
using out parameters, the 'init' RPC function returns a compound 'Info'
object now. The rather complicated 'Operations' struct is replaced by
a 'writeable' attribute in the 'Info' object.
Fixes#3275
Triggering of an invalidated signal seems to be no real exception,
but something that occurs regularily. Therefore, the kernel warning
is of no use to developers anymore.
Ref #3277
As far as possible remove usage of warning/error/log in the kernel,
otherwise the kernel context might try to take a lock hold by a core
thread, which results in a syscall to block.
Fix#3277
This patch removes the reliance of the extract tool from the libc's
behavior regarding the access of time and timing.
The extract tool is not expected to need time. However, unfortunately,
libarchive calls the 'time' function unconditionally. By adding a
dummy for 'time', we avoid bothering the libc, which would otherwise
need to obtain a time source.
Issue #3204
In the original version, I used 'number_of_bits' because Ada's 'Size
returns the size in bits, not bytes. But the values (for objects) are
always a multiple of 8. On the C++ side, performing size checks at the
granularity of bits is just awkward. The term 'object size' is more
natural.
* necessary for enabling the kernel debugging facilities on base-foc
(outstring, fiasco_tbuf_log_3val and friends)
* disabled by default
related to issue #3260
By adding a wildcard at the beginning of (expected) error messages, the
test.run tool becomes able to match the lines (ignoring the characters
of the color escape sequence).
The 'aes_cbc_4k' library is simple wrapper around libsparkcrypto to
serve as a backend for storage encryption. It operates on data chunks of
4 KiB and uses AES-CBC while incorporating the block number and the
private key as salt values.
Discovered while creating an ext2 file system on an sd_card (no
partitions, imx6), which failed with an error message that stated the
device is in use. Genode's libc/posix layer has no notion of mount
points.
Fixes#3271
Disconnecting a client and connecting an other to the sd_card_drv
on imx6 results in a "Completion host signal timed out" error in
the newly connected client.
Fixes#3272
The "nameserver" file cannot be opened through a VFS File_system client
if the plugin does not support opening the parent directory of
"/nameserver", which would be "/".
Ref #3269
Replace the I/O response handler that is passed to the VFS at
construction with an object that is dynamically attached to handles.
This object shall also accept read-ready notifications, and plugins are
encouraged to keep handles awaiting ready-ready notifications separate
from handles that await I/O progress.
Replace the use of handle lists in plugins with handle queues, this
makes the code easier to understand and the ordering of notifications to
the application more explicit.
These changes replace the use of the Post_signal_hook from all VFS
plugins, applications must assume that read-ready and I/O notifications
occur during I/O signal dispatch and use an Io_progress_handler at its
entrypoints to defer response until after signal dispatching.
Fix#3257
Make sure that the rwlock is allocated before a lock operation is
performed. This case occurs if a static rwlock was create by using
PTHREAD_RWLOCK_INITIALIZER. Same goes for PTHREAD_CONDS_INITIALIZER.
Fixes#3262.
Since QEMU might put the audio device at 00:03.0, also check if the
vendor is Intel. Hopefully we do not render HDA on real machines
useless with this changes (so far I have not encountered one).
Fixes#3263.
For better or worse we have no proper way of handling this right now
but contrib libraries, e.g. glib, use it to determine if they can use
the underlying fd.
Fxies #3265.
Issue #3111
- enable vt-x in kernel configuration
Kernel patches:
- add unrestricted guest support
- avoid kernel boot failure when vt-x is not available
- avoid nullpointer in kernel when vcpu is not fully setup
- avoid vcpu scheduling bug which causes starvation on same/below prio level
- save efer register correctly from guest
The '_currently_constructed' pointer caches the information about which
'Launched_child' is currently configured in the menu. When discarding
the runtime (e.g., when un-using a file system) at this point, this
cached pointer was not invalidated while all 'Launched_child' objects
would be freed (including the currently constructed one). On the next
attempt to construct a new child, the sculpt manager attempted to
destruct the 'Launched_child' referred by the (now outdated)
'_currently_constructed' again.
Fixes#3240
Until now, Genode referenced a fork of the outdated elfloader-tool
to enable bootstrapping of sel4 on ARM platforms. Because the
elfloader is inherently dependent on the used platforms newer
ARM versions supported by the kernel could not be loaded by the
outdated elfloader. This commit uses a fresh fork of the nowadays
used sel4_tools repository.
Ref #3251
This commit handles the corner case where a package could be installed
successfully but the package's runtime definition is inconsistent with
the content delivered by the package's dependencies, i.e., the <content>
of the runtime file lists ROM modules that do not exist.
With this patch, the '+' menu shows the message "installed but
incomplete" whenever a package is in such a state.
Issue #3241
The new configuration attributes <tcp-forward to_port="123" /> and
<udp-forward to_port="123" /> enable manipulating the destination port of
port-forwarded packets.
Fixes#3237
The required memory of the VMM depends on the VM memory configuration (vbox)
and the available screen resolution. Check for insane configurations in the
beginning to avoid late surprises.
Issue #3216
The "Vfs::Vfs_handle" type should not contain any public members that
can be initialized by the VFS internally and by the application, so
remove inheritance from the "Genode::list::Element" class. The VFS
plugins must instead use lists of "Vfs::Vfs_handle" sub-classes, the
lifetime of which are always managed by the plugin.
Ref #3036
Use a single timeout scheduler passed during lxip instantiation for
both timers and 'schedule_timeout' facilites rather than instantiate
two timer sessions and signal handlers. This reduces the library's
capability cost and initialization time.
Fix#2961
The old inline assembly provided two output operands that were afterwards
combined for a return value. However, the second output operand isn't
necessary when using the "Acquiring a Lock" example-code of the ARM manual
"Barrier Litmus Tests and Cookbook". This saves two logical operations
per acquisition try. Additionally better documentation is now provided.
Fixes#1292
This patch adds the items necessary for building Genode components with
stack protection enabled, but it is not initialized at runtime. They are
provided at the moment as a convenience and do not implement a security
feature.
Fix#3066
This is a safeguard against accidentally taking the 'Ack' interface as a
value instead of a reference.
The 'Payload' interface should also not be copied (and potentially
stored) because it contains a pointer.
It turns out that the commit "window layouter: allow floating apps to
resize" interplays badly with the interactive toggling of the maximize
state of windows. In contrast to the window geometry and stacking, which
is always updated through the rules-feedback mechanism, interactive
changes of the maximize state omitted this loop and instead took a local
shortcut. Because of this shortcut, the maximized geometry eventually
ended up as window size in the window's assign rule. So unmaximizing the
window failed to revert the geometry to its original state.
This patch removes this inconsistency. The maximize state adheres to the
official chain of commands through the rules mechanism now. The state is
now maintained internally without affecting the window's geometry and is
evaluated while generating the window layout only.
As a minor loosely related improvement, this patch prevents the
highlighting of resize handles for non-resizable windows.
Issue #3200
This patch reworks the 'Session_component::destroy' to cope become
robust against a client-provided invalid view handle. The code did not
consider that 'Handle_registry::has_handle' may throw.
Thanks to Alexander Boettcher for reporting and the initial fix.
Fixes#3232
This patch improves the transition from an interactive window geometry
change (dragging a window element) to the point where the resulting
new layout rules come into effect. During this short time, no resize
request must be issued because such a resize request would be based on
stale rules.
Fixes#3227
This is a follow-up commit to "Update <provides> info in pkg runtimes",
which adapts the users of the wm pkg to the changed label of the "focus"
nitpicker session.
If a component is being destroyed just before it calls `exit()` at its
parent, the `exit()` call causes an `Ipc_error` exception, which leads to
an `abort()` loop with repeated error messages, because `abort()` calls
`exit()` too. Catching the exception in `Expanding_parent_client::exit()`
avoids this problem.
Fixes#3228
bus or device should be different (not both) when comparing a device to
already present devices. Because of this the second USB device was
marked as existent when the bus matched or the bus did not but the
device number.
This patch gives applications the ability to control the size of their
window whenever the window is floating, not tiled or maximized. See the
comment in the code for the rationale.
Fixes#3200
The default rate of 100 ms keeps Sculpt too busy because the menu that
displays the percentage values is drawn completely on each update.
Limiting the rate to 1/4 seconds relieves the effect.
By clicking on a yellow checkbox in the depot selection dialog, the
corresponding index files are removed. This way, index files can
be update by removing and downloading them again.
This patch also filters out sculpt-managed components from the graph to
avoid erratic graph-position changes while the '+' menu is open.
Fixes#3193
Without this patch, a version change of an already exited child would not
trigger the restart of the child because the version is evaluated as
late as the child configuration, but only if the child has not exited
yet.
This patch evaluates the version at the earlier stage where the identity
of the child (its name) is checked against the new configuration.
Fixes#3226
The disk image contains an extended partition table now that would
have been parsed incorrectly in the past. While there remove the unused
gpt BLOB (test-part_block_gpt has its own raw archive).
Issue #3223.
The fs_tool component performs file operations according to its
configuration. This initial version implements only the operation
<remove-file> as needed for Sculpt CE.
Issue #3222
Issue #3193
This patch refines the criterion of when the networking is considered as
ready to use. Until now, any IP reported by the NIC router was taken as
an indicator for connectivity. But as the NIC router reports an IP
0.0.0.0/32 when no network cable is plugged at the uplink, the condition
was too loose.
* Introduces pending_signal syscall to check for new signals for the
calling thread without blocking
* Implements pending_signal in the base-library specific for hw to use the
new syscall
Fix#3217
This patch improves the error handling of depot-download manager for the
case where a download is requested but the corresponding software
provider information is absent from the depot. Without this patch, the
update mechanism would get stuck in the failed depot-query step and
won't attempt to perform subsequent download jobs.
Fixes#3224
The storage dialog is folded when activating the runtime view (e.g., by
clicking on the Genode Logo). This should happen immediately as response
of the mouse click.
This patch improves the separation of the update and layout phases to
avoid superfluous geometry animations of its child widgets. Prior this
patch, 'Widget::geometry' was called in both phases, potentially
triggering geometry animations with intermediate values at the update
phase.
Related to issue #3221
The button widget already supported an animated transition between
hovered and unhovered states. This patch generalizes the mechanism to
allow animated transitions between arbitrary button states, including
style changes.
This way, the fade-out of non-TCB components in Sculpt CE happens not
abruptly but smooth.
Fixes#3221
This patch makes the application of color/alpha from the icon's texture
to the target surface customizable by replacing the formerly built-in
'_transfer_pixel' function by calls to the new 'Pixel_rgba::transfer'
interface.
Issue #3221
The new 'transfer' function interface defines how pixel/alpha values
sampled from texture are applied to a destination pixel, similar to the
role of a fragment shader in GPU-based rendering. The transfer function
can be customized by defining custom pixel types, which may be (but
don't need to be) derived from 'Pixel_rgba'.
Issue #3221
The default 'Rect' constructor constructs an invalid rectangle where the
p1 coordinates are lower than the p2 coordinates. In particular, p1 is
set to (1, 1). The 'Widget' implementation uses the points individually
as input into the 'Animated_rect' mechanism. This way, widgets end up
being positioned at (1, 1) initially and are moved to (0, 0) once the
first layout update is applied. By explicitly initializing the
'_geometry' to (0x0+0+0), we avoid this initial artifact.
When entering/leaving sub menus of Sculpt's '+' menu, some parts of the
menu sometimes remain unchanged, in particular the back button.
Originally, a click would reset the hovering on clicks in the
expectation that any click would eventually result in a completely new
situation where the old hovering information does not make sense and
would only (potentially) confuse the menu. But this was apparently
overzealous. With the patch a once hovered back button stays hovered
even when actitivated and the back button of the upper-level menu
happens to stay under the current pointer position.
Issue #3209
This patch improves the hover handling in situations where the dialog
changes under the pointer. Previously, hover changes were reported
as response to user input only, which failed to cover this case. This
became a problem with Sculpt CE's '+' menu, which changes on the fly
when entering/leaving sub menus.
The patch also cleanly separates the hover handling from the focus
handling. Originally, the hovering was reset when the menu view got
unfocused. In situations like Sculpt's '+' menu where the menu view
receives a transient focus only while clicked and gets unfocused on the
button-release event (aka clack), each clack would invalidate the hover
information until a new input event comes in.
Finally, the patch introduces the clear distinction between situations
where the entire dialog is hovered or not. Previously, this state was
somehow implicitly kept by issuing an invalid hover report whenever a
leave event was observed.
Issue #3209
When a window is moved, the virtual pointer position must be updated,
taking the changed input coordinate into account. This patch propagates
such changes via absolute motion events to the client.
Without this patch, Sculpt CE's '+' menu wouldn't update the hovered
item correctly when entering/leaving sub menus (which happen to trigger
the repositioning of the menu on screen).
Issue #3209
The site download.qt.io seems to apply some mirror-via-HTTP-redirect
scheme which, unfortunately, seems broken (and therefore annoyingly
slow) for non-SSL-secured URLs.
* Introduce 64-bit tick counter
* Let the timer always count when possible, also if it already fired
* Simplify the kernel syscall API to have one current time call,
which returns the elapsed microseconds since boot
When specifying the attribute 'dep_visible="false"' for a primary
dependency or the attribute 'visible="false"' for a secondary
dependency, the dependency is used for the layout calculation but not
displayed in the graph.
- Omit showing routes to uninteresting ROMs obtained from the parent,
i.e., the binaries requested by the sculpt-managed subsystems.
- Change the routes for the inspect subsystem such that the inspect-noux
instance is anchored at the config node (critical!) and the nit_fb
instance anchored at the used GUI.
The "schedule_post_signal_hook" method of the Genode::Entrypoint class
is problematic because the signal hook can be scheduled and replaced
multiple times during the signal dispatch cycle. Add an alternative to
this method with "register_io_progress_handler" and the "Post_signal_
hook" class with "Io_progress_handler". The difference being an
"Io_progress_handler" may be registered once during the lifetime of an
entrypoint to prevent arbitrary libraries from replacing a pending hook.
The "register_io_progress_handler" remains as a deprecated API, and is
now invoked for every I/O signal received and only for I/O signals
rather than for any signal.
Ref #3132
This patch excludes the current "Construction" from the list of
"present" components in the runtime. Without the patch, a missing "wm"
would go unmissing once when the routing dialog of a new wm instance
appears. Now an already present window layouter that had a broken route
would prematurely re-appear in the config, which should not happen
because the new wm does not exist yet.
When buiding the sculpt image, the sculpt.run script used to integrate
the current version of the index of the 'depot_user' into the boot
image. At runtime, when the Sculpt partition is selected for "use" this
index - along with the 'pubkey' and 'download' files of the known
depot users - is written to the Sculpt partition.
This has the undesirable effect that a later version of the index
(published some time after the sculpt image was created) would always be
overwritten by the outdated index shipped with the boot image.
The built-in default index was actually a stop-gap solution needed
during the development of Sculpt CE, introduced when the downloading of
index files was not yet supported. Now, with the working download
mechanism, it is no longer needed. Hence, this patch removes the default
index from the sculpt image.
This commit removes most of the default launchers, which are now
superseded by the interactive component addition feature of the '+'
menu.
We keep the chroot components because we cannot easily create chroot
instances interactively yet.
The usb_devices_rom is still needed because its configuration is meant
to be edited at runtime.
It also adds a 'themed_wm' launcher to make the initial sculpt
experience easier. For knowledgeable users, the index contains all
ingredients needed to build a multi-component window manager manually.
This commit turns the '+' menu into a tool for the following tasks:
- Selecting and downloading of depot index files
- Browsing of the hierarchical depot index files
- Installation of packages found in the index files
- Interactive routing configuration of a selected package
- Deployment of configured component
Sculpt used to restrict the size of leitzentrale windows to the screen
area that is not obstructed by the menu and log. This is useful for the
runtime view and the inspect window. However, the menu should be allowed
to use the entire screen because it overlays the other content.
Before this patch, the menu wouldn't be displayed completely on small
resolutions (e.g., 1024x768 when using the VESA driver) because the log
at the bottom of the screen imposed the size constraint on the menu.
With the patch, the menu is able to overlay the log window.
This patch enhances the runtime view such that not only immediate
dependencies but also all transitive dependencies of the selected
component are displayed. This way, the graph nicely reveals the
trusted computing base of the selection.
Instead of parsing the runtime's configuration each time when generating
the graph dialog (e.g., when changing the hover state), extract the
relevant information only on configuration changes.
The runtime view, launcher query, and depot query increase the
complexity of the graph without providing a tangible value to the user.
This patch omits those components from the runtime view to make the
graph less confusing.
Append "..." to button labels whenever the button does not perform an
immediate action but merely toggles user-interface elements. This
tells the user that the button can be pressed without risk.
With this commit, the 'installation' input of the depot-download
subsystem accepts <index> nodes in addition to <archive> nodes. Each
index node refers to one index file specified via the 'path' attribute.
This commit also improves the tracking of failure states. Once an
installation job failed (due to a download of verification error),
it won't get re-scheduled. In the past, such failure states were not kept
across subsequent import iterations, which could result in infinite
re-attempts when an installation contained archives from multiple users.
The the progress of the download process is now reflected by the
"progress" attribute on the download manager's state report, which
allows the final report to contain the list of installed/failed archives
along with the overall progress/completed state. The detection of the
latter is important for the sculpt manager for reattempting the
deployment of the completed packages.
The patch enhances the depot_download.run script to stress the new
abilities. In particular, the scenario downloads a mix of index files
(one present, one missing) and archives, from two different depot users
(genodelabs and nfeske).
Issue #3172
The input for the pkg index is located at gems/run/sculpt/index.
The sculpt.run script uses this input for generating the depot index
file at depot/<user>/index/<version>.
The tool/depot/publish tool support arguments of the form
<user>/index/<version> where <version> corresponds to the Sculpt
version.
Issue #3172
This prevents the situation where the user has booted the system, has
not yet selected a storage target to "use" for Sculpt, yet clicks on the
'+' menu. Such clicks show no immediate response because Sculpt cannot
know where to deploy the selected package. But since the user is not
guided towards resolving this prerequisite, it's better to not present
the menu in the first place. The '+' appears as soon as a storage target
is selected for "use".
This error message may occur during the startup of a multi-component
application when the very first dialog is generated just after the menu
view is ready. It is not an error.
This commit adds the following styles:
button/enter - for entering a sub menu
button/back - for returning from a sub menu
button/radio - for picking one item of a list
button/checkbox - for making a selection
frame/transient - for temporary GUI elements
This message is diagnostic, but also occurs in legitimate situations
such as the wm in Sculpt's Leitzentrale where the focus is managed
completely outside the wm.
The zynq nic_drv also depends on hw, we therefore adapted the folder
structure for clarity. Also renamed the binary to 'zynq_nic_drv' to
prevent conflicts and to allow removing the cadence_gem spec.
Issue #3179
In commit "hw: improve cross-cpu synchronization" the implicit safe
initialization of the global kernel lock gets unsafe.
It is a static object, which is protected by the cxx library regarding
its initialization. But our cxx library uses a Genode::semaphore in
the contention case of object construction, which implicitly leads
to kernel syscalls for blocking the corresponding thread. This behaviour
is unacceptable for the kernel code.
Therefore, this fix guards the initialization of the kernel code with
a simple static boolean value explicitely.
Ref #3042
Ref #3043
'append_platform_drv_config' appends to the global 'config' variable,
which seems to cause problems with the order of appending when the
'config' variable does not contain the '<config>' start node yet.
'[platform_drv_config]' can be used instead to append to a local variable.
Fixes#3171
This patch simplifies the propagation of pointer shapes from
window-manager clients to the pointer. The "shape" report is routed to
the wm server, which, in turn, reports it to the pointer. This way, the
pointer can easily correlate the label of the application's "shape"
report with the label of the application's Nitpicker session. The
formerly used manual rewriting of the "shape" label is not needed
anymore.
Since the wm server provides a "Report" service now, its <provides>
declaration must cover "Report" in addition to "Nitpicker" to avoid
runtime error messages. Vice versa, the wm is now expected to request
"shape" reports, which should be routed to the pointer (using the
'label_last' routing attribute).
Fixes#3165
The lwIP VFS plugin uses lwIP pbuf chains to queue recieved TCP data and
must rechain them when the application dequeues data. Remove an
"pbuf_realloc" call which is not needed for updating pbuf metadata when
dequeuing the head of the chain.
Fix#3169
This commit removes APIs that were previously marked as deprecated. This
change has the following implications:
- The use of the global 'env()' accessor is not possible anymore.
- Boolean accessor methods are no longer prefixed with 'is_'. E.g.,
instead of 'is_valid()', use 'valid()'.
- The last traces of 'Ram_session' are gone now. The 'Env::ram()'
accessor returns the 'Ram_allocator' interface, which is a subset of
the 'Pd_session' interface.
- All connection constructors need the 'Env' as argument.
- The 'Reporter' constructor needs an 'Env' argument now because the
reporter creates a report connection.
- The old overload 'Child_policy::resolve_session_request' that returned
a 'Service' does not exist anymore.
- The base/printf.h header has been removed, use base/log.h instead.
- The old notion of 'Signal_dispatcher' is gone. Use 'Signal_handler'.
- Transitional headers like os/server.h, cap_session/,
volatile_object.h, os/attached*_dataspace.h, signal_rpc_dispatcher.h
have been removed.
- The distinction between 'Thread_state' and 'Thread_state_base' does
not exist anymore.
- The header cpu_thread/capability.h along with the type definition of
'Cpu_thread_capability' has been removed. Use the type
'Thread_capability' define in cpu_session/cpu_session.h instead.
- Several XML utilities (i.e., at os/include/decorator) could be removed
because their functionality is nowadays covered by util/xml_node.h.
- The 'os/ram_session_guard.h' has been removed.
Use 'Constrained_ram_allocator' provided by base/ram_allocator.h instead.
Issue #1987
Make the size of the packet buffer at the VFS File_system client
configurable. This allows larger reads to be completed in a single
packet cycle.
Example: <vfs> <fs buffer_size="512K"/> </vfs>
Fix#3167
QEMU implements the cycle count register read by
'Genode::Trace::timestamp()', but does not report a supported debug model
version for Cortex-A9.
Fixes#3154
1) A session request gets denied if there is no matching session policy.
(The <defaul-policy/> tag can be used for the former default behavior)
2) A session request gets denied if the MAC address is given through the
matching policy but this address cannot be allocated.
3) A session request gets denied if the MAC address is not given through the
matching policy and it is also not possible to allocate one.
Issue #3040
This is a follow-up commit of "base/core: use references instead of
pointers". Because the 'Rm_root::_upgrade_session' implementation
lacked the 'override' keyword, my overzealous change of the pointer
argument went unnoticed.
This commit fixes the depot_rom (cached_fs_rom) failure in Sculpt.
When cached_fs_rom attempted to create a new managed dataspace while the
RM session quota was depleted, it tried to upgrade the session (via
Rm_connection::create). However, the upgraded resources never reached
the actual session because the default 'Root_component::_upgrade_session'
was called instead of 'Rm_root::_upgrade_session'.
Issue #3135
This patch enhances the packet-stream API with the principle ability to
side-step the built-in implicity data-flow signals and manage the
signals manually. This allows for a more efficient batching of packet
processing.
Issue #3092
The 'tx_cap' RPC function is only used at session-creation time. For
this reason, it was not listed in the "official" RPC interface in
'block_session.h'. However, this makes the interface more obscure than
it needs to be. So this patch promotes it to a regular RPC function.
Issue #3092
This patch adjusts the implementation of the base library and core such
that the code no longer relies on deprecated APIs except for very few
cases, mainly to keep those deprecated APIs in tact for now.
The most prominent changes are:
- Removing the use of base/printf.h
- Removing of the log backend for printf. The 'Console' with the
format-string parser is still there along with 'snprintf.h' because
the latter is still used at a few places, most prominently the
'Connection' classes.
- Removing the notion of a RAM session, which does not exist in
Genode anymore. Still the types were preserved (by typedefs to
PD session) to keep up compatibility. But this transition should
come to an end now.
- Slight rennovation of core's tracing service, e.g., the use of an
Attached_dataspace as the Argument_buffer.
- Reducing the reliance on global accessors like deprecated_env() or
core_env(). Still there is a longish way to go to eliminate all such
calls. A useful pattern (or at least a stop-gap solution) is to
pass the 'Env' to the individual compilation units via init functions.
- Avoiding the use of the old 'Child_policy::resolve_session_request'
interface that returned a 'Service' instead of a 'Route'.
Issue #1987
The notion of a RAM session does not exist anymore. Hence, we have to
adjust the name of 'init_env_ram_session'. Since this change modifies
the ABI, it comes as separate commit.
Issue #2407
Refactor the graphical terminal server to internally represent
characters as 16-bit codepoints and handle the duplex terminal stream as
UTF-8.
- Make the Codepoint class printable to the Output interface
- Decode data received at the Terminal session from UTF-8 to a 16-bit
character
- Pass 16-bit characters through terminal decoder and char-cell arrays
- Send Unicode through terminal session in a burst of UTF-8 bytes
Fix#3148
- support to create multiple vCPUs
- support to implement Vm_session methods client side within base library
- adjust muen specific virtualbox4 version to compile/link
Issue #3111
The minimal-footprint Ada runtime for implementing library-like
functionality in SPARK is now called "spark" runtime.
The full Ada runtime for entire components written in Ada and using the
libc as glue to the underlying system will move to the world repository
as "ada" runtime.
Issue #3144
Also added a report_rom for USB devices and let the driver report like
in a real scenario. Can also be used for debugging by setting
verbose="yes" in report_rom.
And most importantly: use the same size everywhere.
Note, this commit also configures the stack size of noux-process threads
to 64 KiB independently of the CPU architecture. The reason is the
increased stack usage because of the additional argument space in
Execve_child_env in syscall(SYSCALL_EXECVE), which crafts a child
environment on stack for the creation of the new child.
Fixes#3145.
As we don't execute the acpi_drv on Muen, we have to supply a static
'acpi' info as boot module. This is normally done by the
base/run/platform.inc include. However, when using base-hw-muen kernel
from a depot archive - as done by modern run scripts like
depot_download.run - the platform.inc magic is not applied.
This patch enhances the src archive of base-hw-muen with a mechanism
that creates a pre-defined acpi info at the bin directory via an
artificial src/acpi/target.mk file. This way, the static acpi ROM ends
up as boot module when importing the base-hw-muen archive into a
run script.
* Increase the CMD length to accomodate the limit of the wpa_supplicant
* Fix case where multiple SSIDs with 32 bytes are used
* Use Expanding_reporter for accesspoints report
Fixes#3139.
The 'run_genode_until' procedure only called 'run_power_on' to reset
the target machine. That works will with the softreset module, which
is used by all x86-based test system but falls short regarding ARM
boards. The way those boards are connected requires turning the power
off and on for a complete cycle.
On a Lenovo ThinkCentre M57p, the system locks up when the UHCI controller
BIOS handoff (disabling bit 4 in the LEGSUP register) for the controller
with PCI BDF 00:1d:2 is attempted before the handoff for the controller
with BDF 00:1a:0.
Fixes#3138
This patch replaces the former prominent use of pointers by references
wherever feasible. This has the following benefits:
* The contract between caller and callee becomes more obvious. When
passing a reference, the contract says that the argument cannot be
a null pointer. The caller is responsible to ensure that. Therefore,
the use of reference eliminates the need to add defensive null-pointer
checks at the callee site, which sometimes merely exist to be on the
safe side. The bottom line is that the code becomes easier to follow.
* Reference members must be initialized via an object initializer,
which promotes a programming style that avoids intermediate object-
construction states. Within core, there are still a few pointers
as member variables left though. E.g., caused by the late association
of 'Platform_thread' objects with their 'Platform_pd' objects.
* If no pointers are present as member variables, we don't need to
manually provide declarations of a private copy constructor and
an assignment operator to avoid -Weffc++ errors "class ... has
pointer data members [-Werror=effc++]".
This patch also changes a few system bindings on NOVA and Fiasco.OC,
e.g., the return value of the global 'cap_map' accessor has become a
reference. Hence, the patch touches a few places outside of core.
Fixes#3135
The new method allows for the construction of a meta-data object inside
the reserved space of the allocator's meta data. It thereby alleviates
the need to copy the meta data object (via the assignment operator) as
done by the traditional 'metadata' setter method. This, in turn, allows
one to use non-copyable objects (like objects with constant member
variables) as meta data.
This patch moves the removal of the signal context from the
'_platform_finish_dissolve' to the '_platform_begin_dissolve'
method. This is needed because the removal involves taking
the signal-registry lock. The latter must adhere the same
locking order as the code path used for signal delivery.
Fixes#3109
Move the allocation of the session packet buffer into a subclass that is
constructed before the File_system RPC object. This allows the buffer
allocation to be wrapped in a constructor/destructor class and clearly
accounted for.
Fix#3134
The situation where a 'Session_policy' is constructed for a label with
no matching policy is in almost all cases a configuration problem.
A diagnostic message eases pin-pointing such mistaks. By adding the
message to the 'Session_policy', servers don't need to manually handle
the exception to provide diagnostic information. This simplifies the
server code in many components.