Instead of allocating the stack via 'kmalloc' point it to the actual
stack used by the task. This addresses issues with the USB
host-controller driver where sometimes hub port enumeration is not
working.
Fixes#4522.
We locally disable 'address-of-packed-member' warnings because GCC complained
about possible alignment issues when returning a reference to a packed member
as naturally aligned pointer (for some reason only on arm_v8a). We know that
the member is aligned to NETDEV_ALIGN via __attribute__ and that the warning
is therefor unnecessary.
Ref #4519
We have to correct the CC_OPT_* variable for these files and used to do so via
phony pre-requisite for the corresponding object files because the correction
had to take place after the variable initialization in
import-lx_emul_common.inc and before the creation of the object files. However,
this caused the objects to always rebuild.
This commit fixes this issue by using Make's feature of target-specific
variables instead. The drawback of this solution is that we can no longer
override CC_OPT_* with a modification of its original value but instead have to
override with a completely new value. This is because otherwise, Make would
either complain about recursive assignment or produce an empty value.
Ref #4519
The strict conversion warnings were disabled during development when the
contrib code was still compiled with the wireguard lib. Now this isn't
necessary anymore as the contrib code is in the wireguard_lx_inc_dirs lib.
Ref #4520
With this commit, the WireGuard component exits with a descriptive uncaught
exception on invalid configurations or when the user attempts to re-configure
attributes that are not re-configurable (private_key, listen_port, interface).
This is particularly important when it comes to the not re-configurable private
key. If the component would just ignore the attempt to override the private
key, the user may come to believe that his old (potentially compromised)
private key is not in use anymore.
The fact that the component now exits instead shouldn't be a problem, as the
user would have to restart the component anyway in order to apply the new
attribute values.
The commit also extends the wg_reconfig run script to test that WireGuard
exits on the attempt to re-configure the private key.
Ref #4520
Support removing peers by removing them from the component configuration.
This commit also introduces the wg_reconfig run script that tests adding and
removing single peers.
Ref #4520
I used to set the peer flags to 2 when adding a peer but merely because I
observed that value in my reference Linux. I now found that the flag 1<<1 means
'WGPEER_F_REPLACE_ALLOWEDIPS' and is ignored whenever the peer is new. Anyway,
I keep setting the flag but with the clearer enum name because the wg tool is
doing it as well when adding new peers and we want to stay close to how the
original code interacts.
Ref #4520
Build description files that feature both an actual target and
CUSTOM_TARGET_DEPS happen to re-link the target each time whenever one
of the CUSTOM_TARGET_DEPS is phony, e.g., gems/src/app/menu_view/.
The re-linking of the actual target is of course not desired. By
triggering the creation of CUSTOM_TARGET_DEPS from 'all:' instead of
'$(TARGET)', the specified files do not implicitly become link
dependencies of the target.
Issue #3972
The extra definition introduced by commit:
"lx_emul & arm: define ZERO_PAGE" re-defined the macro included
by a header of the contrib sources. This commit removes the
contrib header and defines thereby missing macros.
Fixes wrong atomic_*(ptr) usage with u32 pointer introduced by
commit "lx_emul: eliminate wrong include pathes". Atomic read or
write is nt needed in our case, we always schedule cooperatively.
Since "Consolidate USB test run-scripts" usb_hid_raw.run depends on
depot archives. Therefore, '--depot-dir' and '--depot-user' must be
passed to the nested run tool to cover cases that customize the depot
(e.g., our nightly CI).
Issue #4511
Introduces the pkg/wireguard archive that depends on the new src/wireguard
archive and deploys one WireGuard component with an empty configuration (can
be configured by the user via a launcher, for instance).
Fixed#4519
Introduce an arch-specific wireguard lib that contains all code from the
former arch-specific target.mk files. This allows us to create a generic
target.mk that merely depends on the library and a dummy.cc file. The latter
ensures that building/linking of the target isn't skipped by the build system.
Ref #4519
The wireguard library's purpose is having a separate INC_DIR setting for the
files that need Linux include paths that would clash with Genode include paths.
Therefore, the name wireguard_lx_inc_dirs is more descriptive. Furthermore,
this allows us to create a new arch-specific wireguard lib in a future commit
in the course of preventing arch-specific target.mk's (a commonly used
approach in Genode).
Ref #4519
The driver wrongfully disabled all APs if it was configured with an
auto-connect list containing multiple APs when one of those was
disabled as a result of using wrong credentials.
This commit changes the way network enable- and disablement are
handled by only operating on the given access-point in question.
It also removes unused code touched by these changes.
Thanks to Peter for bringing this problem to our attention.
Fixes#4517.
There is a race between the trace subject doing the buffer
initialization and the monitor trying to iterate the buffer entries. If
the monitor tries to iterate entries of an uninitialized buffer, it will
read the very first entry twice. The monitor should therefore only start
iteration when the buffer has been initialised.
genodelabs/genode#4513
By declaring the generated menu_view_styles.tar archive as build
artifact, it is automatically picked up whenever menu_view appears as
build ingredient of sculpt.
build: app/menu_view
* Prevent page-faults when the active interface of a device got unset
during elimination of the device
* Resets devices, where a corresponding session got closed to
be re-useable when a new session gets opened
Ref #4512
* Instead of repeatedly spam the log with errors and
bring heavy load to the USB host controller driver
abort yourself when the device vanishs
Fixgenodelabs/genode#4515
With this commit, the Xoroshiro128+ PRNG in lx_emul/random.cc gets wrapped
by a new class that automatically re-seeds the PRNG with jitterentropy every
1024 * 1024 + random(0..4095) bytes of generated output.
Ref #4397
Both the Wifi driver and the WireGuard port used local implementations for
their source of randomness. Wifi used a Xoroshiro128+ PRNG for rapid generation
of random values but initialized this PRNG always with the same static seed
value. WireGuard, in contrast, requested each random byte directly from the
jitterentropy lib, which is considered to be very time intensive.
This commit removes the local variants of random.cc and introduces a new
centralized lx_emul/random.cc . The new variant combines the former approaches,
so, that jitterentropy is accessed only in order to generate a random seed for
a Xoroshiro128+ PRNG. Front-end requests for random values are then fulfilled
efficiently via the PRNG.
:Warning:
The output of the Xoroshiro128+ PRNG that is used in the new implementation of
the lx_emul randomness functions has known statistical problems (see
https://en.wikipedia.org/wiki/Xoroshiro128%2B#Statistical_Quality).
Furthermore, the integration of Xoroshir128+ with the lx_emul code was not
reviewed/audited for its security-related properties, so far, and has the
known deficiency of seeding the PRNG only once during initialization. Thus,
we strongly advise against the use of the lx_emul randomness functions for
security-critical purposes.
Ref #4397
This patch simplifies the use of the menu_view in scenarios where no
absolute motion events but only touch events occur. Previously, such
scenarios required the creation of artificial absolute motion events
via the event filter.
Issue #4514
The hover state is evaluated for the routing of input events. When
routing a touch event, the decision should be based on the most recently
observed touch position. Without this patch, however, the hover state kept
referring to the initial pointer position (screen center) in the absence
of any other motion events.
Issue #4514
A userland component that ports the Linux WireGuard kernel module (originally
from kernel version 5.14.21) and integrates it via a NIC session (public
network side) and an Uplink session (private network side). The
WireGuard-specific device configuration is done through the component
configuration. The port is done using lx_emul, lx_kit and the virt_linux
targets. The commit adds also 4 corresponding run scripts of which 3 are fully
automated of which 1 is added to the autopilot.
:Warning:
Although in principal functioning, the WireGuard port has not been exposed to a
sufficient amount of real-world testing, so far. Therefore, we strongly
recommend not to use it in any security-critical scenarios! There is no
guarantee that the port meets any of the security goals pursued by the
WireGuard protocol or other WireGuard implementations!
Ref #4397
The implementation was copied from the already existing LX-emul implementation
for x86 but the commit additionally page-aligns the array that serves as
backing store for the zero page as we assume this to be expected by the contrib
code. However, this commit doesn't apply the alignment also to the x86
implementation as we agreed, that this should be done in a separate commit.
Ref #4397
* Adds methods for copying raw data to the data field of Ethernet frames and
UDP packets. This is used in the port to wrap the higher-layer packet data
prepared by the contrib code with the additionally required headers before
sending it at a network session.
* Adds a method to cast raw data to an IPv4 packet. This is required in the
port in order to check values in stand-alone IP packets produced by the
contrib code before sending them at a network session.
* Adds methods for setting UDP ports given big endian port values without
having to convert to little endian in the app and then back to big endian in
the net lib.
Ref #4397
The driver did not allow for setting module parameters and so far
no one complained. Remove the option to prevent the misleading of
users.
Issue #4506.
Since Linux does not use the arch-independent spinlock structs for ARM,
we must use different members when accessing the lock value.
genodelabs/genode#4499
to work again. The drivers interactive package does not provide a Platform
service anymore, so remove the audio driver. A lot more mesa related libraries
are required now.
This commit de-duplicates the redundant dummy implementations and
to some degree also the 'lx_emul.c' implementations while also
decluttering the various 'dep.list' files.
The code is moved into 'src/lib/pc/lx_emul' where it becomes part
of the 'pc_lx_emul' library.
Fixes#4500.
Instead of each driver providing its own header file use a central
header as the initcall order header should cover _all_ provided
initcalls resulting from the used 'pc_linux' kernel config.
Note that the 'pc_linux' configuration was extended with the
'USB_USBNET' option because the module's initcall is needed for the
Genode C API for USB glue-code and the 'PACKET' option needed by
the wireless lan driver.
The lack of theses options was not noticed as each driver used its
own initcall header so far that stemmed from the initial porting
effort.
Issue #4500.
* Some fixups for the README
* Make config ROM const when used for the session policies
* Turn Reporter into Expanding_reporter
* Always first register ROM signal handler before parsing it the first time
Outsource parts of the Main object into a common compound object,
common parts of the Makefile description and depot source package.
Fixgenodelabs/genode#4503
* Parse PCI specific information from devices ROM
* Enable DMA, I/O memory and I/O port access dependent on BARs in config space
* Introduce device PD for Nova + IOMMU support
* Enable MSIs if available
* Add PCI specific policy rules
Fixesgenodelabs/genode#4502
Instead of returning an invalid device capability when a device
is (not yet) available, e.g. a PCI device is requested before the
PCI bus got parsed accordingly, we check the device capability
within the Platform::Connection utilities, and register temporarily
an Io_signal_handler to wait for changes of the devices ROM, and
try the device aquisition again. Thereby, simple drivers so not have
to take the burden to do so.
To enable this feature for all drivers, we always have to export a
devices ROM, but limit the information about physical resources
(I/O memory addresses, IRQ numbers, I/O port ranges) to clients with
'info=yes' in their policy description.
Fixgenodelabs/genode#4496
By adding a 'report' node to the platform driver's configuration
one can enable either devices or config reports. The devices
report contains all devices and their detailed state, as well as
whether it is already in use or not. The config report contains
one by one the current configuration of the platform driver.
Moreover, this commit adds a README file describing the facilities
of the platform driver.
Fixgenodelabs/genode#4386
If PCI devices happen to miss complete configuration after boot, the
platform driver supports <pci-fixup> nodes for concrete devices
(specified by bus-device-functions tuples). The
<bar> node instructs the platform driver to remap BAR id 0 to address
0x4017002000, which amends the BIOS configuration and is stringently
required for BARs with address 0.
! <pci-fixup bus="0" device="0x15" function="3">
! <bar id="0" address="0x4017002000"/>
! </pci-fixup>
The issue was discovered with Intel LPSS devices in Fujitsu notebooks.
Fixes#4501
This patch changes the libc to query the stack size from the
config attribute <libc> <stack size=""/> </libc> for regular
components, not only cloned processes.
To discharge the generic platform driver from certain PCI bus scanning,
and ACPI + kernel specifics, this commit introduces a new component,
which consumes the acpi drivers report and the platform_info from core
to prepare a devices ROM for the platform driver that contains all
PCI devices and its resources.
Fixgenodelabs/genode#4495
USB Attached SCSI devices might expose a bulk-only interface
as fall-back at interface 0 and alternate setting 0. This commit
allows for probing all alternate settings of the active interface
to be able to use such devices.
The configuration was extended so that in case the device interface
is known beforehand the driver can be configured accordingly.
Fixes#4494.
Deploying an overly large meta-pkg in Sculpt leads to an
'Xml_generator::Buffer_exceeded' exception. Using the expanding
reporter solves this problem.
Fixes#4493.
In case we are instructed to reauthenticate and were already
authenticated we ignore the request in the management layer
and let 'wpa_supplicant' deal with that.
Fixes#4488.
The vanilla NOVA kernel solely supports tracking and exporting of execution
times per SC kernel object, but not per thread (EC object). The commit extends
to track execution times per EC in the NOVA kernel, exporting it to Genode's
'core' roottask and populating Genode's Trace::Subject_info structure.
Fixes#4481
Remove handling of ACPI (SCI) interrupt from kernel and thereby let the
handling of the ACPI irq exclusively to an Genode driver. On Genode the ACPICA
library+app handles the ACPI irq, where we can now remove the contrib patches
related to the synchronization between NOVA kernel and ACPICA library.
Fixes#4479
When using the framebuffer driver on this machine the
'cpu_latency_qos_request_active' dummy is triggered. Removing the
trace-and-stop call makes the driver usable.
In addition, 'cpu_latency_qos_remove_request' is changed as well
although it is guarded by 'cpu_latency_qos_request_active'.
Fixes#4489.
This patch fixes rare freezes of menu view instances, which could happen boot
time whenever the leitzentale GUI happens to get initialized before the display
driver finished setting up a reasonable mode. In this case, the resolution-
dependent font size can temporarily get almost zero, tripping up the glyph
renderer.
Since the driver relies on all requests being Nvme::MPS_LOG2 aligned
as advertised in its Block::Info the added check will reject any
misaligned requests (using 'gpt_write' led to an IOMMU write fault).
Issue #4486.
2560x1440 resolutions require more RAM resources. Additionally, make
sure that the decorator 'init' receives enough CAPs to service the
decorator configuration.
fixes#4485
* Claim and release USB interfaces
* Collect URBs in flight in anchor list
* When releasing interfaces, wait until all
anchored URBs finally got killed successfully
Fixgenodelabs/genode#4483
In rare cases it is necessary to execute Linux contributed code
until certain work is finished, e.g. when in a synchronous RPC call,
a session construction or destruction a result is needed. Therefore,
we introduce a new lx_emul function called lx_emul_execute_kernel_until.
Ref genodelabs/genode#4483
To signal that a device gets used and released by a session
introduce claim, release, and release all callbacks in the
USB interface of the C-API.
Ref genodelabs/genode#4483
In case multiple devices shared the same memory-mapped I/O page
we have to take the offset into account. This commit fixes the
'pc_usb_host_drv' on the Thinkpad X201 where the two EHCI host
controller share the some I/O memory page.
Fixes#4477.
With the new usb driver #4399 and usage of the updated dde_linux lx_eml/lx_kit
approach a much higher rate of IRQ session construction/destruction and signal
handler assignment (irq->sigh) are caused. This trickles down to the kernel,
which causes an hang of the AMD IOMMUs due to not setting reserved bits
adequately. The commit fixes the root cause in the kernel and add a guard
into core's to limit such driver behaviour.
Fixes#4482
The file listed only enabled="false" in the audio adapter tag. However,
setting only this option to true isn't sufficient for guest audio to work.
One has to set also enabledIn respectively enabledOut in the same tag. The
new default vbox6 file reflects this.
Fixes#4476
This patch fixes a potential data corruption issue that could occur when
issuing large I/O requests to vfs/rump, which don't fit into the default
block I/O buffer of 128 KiB. Note that we haven't observed the problem
in practice (Sculpt hosts vfs/rump in a dedicated vfs server, which
fragments requests) but spotted the issue while reviewing the code. We
could trigger problem by explicitly changing the I/O buffer size to 32
KiB.
Issue #4474
This patch changes the meaning of the 'offset' parameter of the
'produce_write_content' and 'consume_read_result' hook functions.
The value used to reflect the absolute byte position but in practice,
a job-relative byte offset is desired.
Issue #4474
Before this commit, the block-request handler was implemented as
Io_signal_handler and, additionally, the USB driver called the
block-request handler on request completion directly on I/O level. This
is generally a bad idea because I/O handlers should avoid to have direct
global side effects. In contrast, application logic should be
implemented in way that it consumes atomic state changes after I/O
completed. Now USB I/O completion locally submits a signal to the
block-request Signal_handler.
This patch reduces the response time of supposedly stuck situations like
an unresponsive part_block component. First, it reduces the heartbeat
rate from 1 to 2 seconds to make it consistent with the frequency of
state reports. Second, it allows up to four skipped heartbeats until
regarding the situation as stuck. With those changes, the prolonged
initialization sequence of a USB ZIP drive succeeds with Sculpt.
The Uplink_test used to end in an uncaucht exception about a failed packet
allocation on several x86_32 platforms.
* Destruct and re-construct the corresponding TX packet allocator during a
link-down-up step in the Uplink test. Fixes the exceptions but results in a
never ending test.
* Decouple the link-down-up steps from the handling of packet stream signals
by simply triggering it with a local periodic timeout of 1 sec period.
This prevents that the Uplink_test never finishes because it destructs the
Uplink connection too often.
* The test finishes not before at least 3 link-down-up steps were executed.
* Replace the Allocator_avl's used for the TX packet allocators of the Nic
and Uplink Connection with the better suited Nic::Packet_allocator.
Ref #4419
The error message
"Command buffer creation failed" in intel_dsb.c repeatedly appears
during connector hotplug. Since the driver works also without this DMA offload
optimization, disable the functionality.
Issue #4450
The service is merely announced but trying to request a session always causes a
Service_denied exception. This helps in scenarios where the client is
won't open a session anyway but expects the service to be available. This is
considered a temporary solution.
Ref #4419
This patch handles the corner case of switching virtual desktops while
child views are visible. Examples of such child views are tool tips,
pull-down menus, or the graph of the top-view utility. The switch to
another virtual desktop would implicitely turn the child views into
top-level views of the root nitpicker GUI server until switching back
to the original virtual desktop.
The patch implements the expected behavior of hiding all child views
that belong to a disappearing top-level view.
As it stands, the implementation requires minimal reflection measures to
implement correct cleanup procedure. static_cast<> cannot be used as it
does not implement runtime type casting as dynamic_cast<> does.
This patch reverts the vfs-watch-handle creation whenever the subsequent
allocation of the VFS server's 'Watch' object fails. This can happen
when the session RAM or cap quota is depleted.
Fixes#4472
The issue came apparent with Windows Guests and USB passthrough of
smart-card readers. If the VM is powered off, PDMR3Term cleans up all
devices incl. (first) acpi and (later) devxhci. The latter used a
dangling reference to ACPI structs in a indirect call to
apicIsLogicalDest() from xhciR3Destruct().
VMMR3_INT_DECL(int) PDMR3Term(PVM pVM)
virtualbox6/src/VBox/VMM/VMMR3/PDM.cpp:817
"apic" (pDevIns->pReg->szName)
static void apicR3TermState(PVM pVM)
virtualbox6/src/VBox/VMM/VMMR3/APIC.cpp:1235
"qemu-xhci" (pDevIns->pReg->szName)
static DECLCALLBACK(int) xhciR3Destruct(PPDMDEVINS pDevIns)
repos/ports/src/virtualbox6/devxhci.cc:431
void usb_detach(USBPort *port)
<qemu-usb>/src/lib/qemu/hw/usb/core.c:70
static void xhci_port_notify(XHCIPort *port, uint32_t bits)
<qemu-usb>/src/lib/qemu/hw/usb/hcd-xhci.c:2592
static DECLCALLBACK(void) pciSetIrq(PPDMDEVINS pDevIns, PPDMPCIDEV pPciDev, int iIrq, int iLevel, uint32_t uTagSrc)
virtualbox6/src/VBox/Devices/Bus/DevPCI.cpp:398
static bool apicIsLogicalDest(PVMCPUCC pVCpu, uint32_t fDest)
virtualbox6/src/VBox/VMM/VMMAll/APICAll.cpp:797
The fix removes our Qemu library reset from xhciR3Destruct() and
registers xhciR3Reset() as PowerOff hook.
Thanks to Raphael for the thorough investigation.
The quota adjustments prevent the leitzentrale's decorator from running
out of RAM, and allow the nitpicker GUI server to preserve buffer
content during resize (reducing flickering artifacts) when using a
screen resolution up to 2560x1440.
This fixes the following warning when building the binary archive:
Library-description file vfs_capture.mk is missing
Library-description file vfs_tap.mk is missing
'Platform::Device_pd::attach_dma_mem' may lead to insufficient resources
for meta data, which is reflected to the client via 'Out_of_caps' or
'Out_of_ram'. In case the client upgrades its session the quotas need to
be passed to core as done by
'Platform::Device_pd::Expanding_region_map_client::attach'.
issue #4451
Use 'avail_caps' and 'avail_ram' for resource guards because 'used_caps'
and 'used_ram' do not account for resources given to the platform
driver. This lead to incorrect resource accounting by the GPU
multiplexer.
issue #4451
The calculations of packet_size and packet_count in the block_io() did
not consider rounding errors. This resulted in diverging values over
several bisecting operations (/= 2) and wrongly-size packet allocations
as well as memcpy operations.
Related to #2263 (comments about partial block accesses and
_block_io()).
Fixes#4471
The NIC router used to handle each type of packet-stream signal with a distinct
method in the Interface class. However, merging those methods has advantages.
It ensures that sent packets that were already acknowledged by the counter side
are always released before handling received packets. This frees packet stream
memory which facilitates the potential allocation of response packets while
handling received packets. Furthermore, it simplifies the code and reduces the
number of entry points into the router.
This commit also removes the installation of signal handlers at packet streams
for events that are of no interest for the router (TX-ready-to-ack /
RX-ready-to-submit at NIC sessions and RX-ready-to-ack / TX-ready-to-submit at
Uplink sessions).
Fixes#4470
The driver falls in line with the previous 'legacy_wifi_drv' component
where the ported wireless LAN stack and device driver is encapsulated
in a library. This library in return is used by the 'Libc::Component'
providing the necessary environment for the 'wpa_supplicant'.
In constrast to the old driver a 'wifi' VFS plugin is in charge of
initalizing the 'Lx_kit::Env' prior to executing any static
constructors.
Fixes#4455.
Move 'linux-firmware' portion from 'dde_linux' into its own port,
while it is used by the upcoming new WLAN driver keep it in place
for the legacy one.
Issue #4455.
Various libraries, like libnl and wpa_driver_nl80211, used hardcoded
values for the interface index (ifindex) and name (ifname).
To accomdate the legacy as well as the upcoming new driver we add
functions to query these information where at least the index differs.
Issue #4455.
The location of the used 'source.list' file is hard-coded and will not
work when the ported driver is implemented as a shared library. For
this use-case provide means to set the location differently.
Issue #4455.
In case where the ported driver or protocol stack is executed from
an already managed environment, e.g. the libc, the execution
of the static constructors will be performed at the appropriate
time.
Issue #4455.
Whenever the nic_router encounters ARP requests on an interface
that does not have a valid IP config it will ignore them. However,
When increasing the verbosity of the component for diagnostic
purposes the resulting 'Bad network protocol' message is misleading.
Issue #4455.
* Test DHCP RENEW by the test client in the unmanaged variant.
* Add event IDs to log output of test client in order to prevent false positive
result in the managed variant.
* Let managed and unmanaged variant have separate string patterns for
'run_genode_until' because they already had different output and it will
differ even more as we don't want to test DHCP RENEW with the managed
variant.
* Delay first test client DHCP in order to fix unexpected sporadic initial IP
config.
* Remove some unnecessary code from the run script
Fixes#4460
The NIC router did update the IP config of a domain on a completed DHCP
REQUEST but not on completed DHCP RENEW or DHCP REBIND. Thus, it didn't adapt
to "real" DHCP servers (not NIC router servers) that got restarted with a
changed configuration by the means of RENEW/REBIND. The commit fixes this.
Note, that testing this is complicated as we don't have the necessary
infrastructure (we cannot simply use the DHCP server of the NIC router as this
would apply a link down/up sequence in order to let the client restart DHCP)
Ref #4460
After reverting unused ranges during allocator destruction
'_meta_data.free_empty_blocks' may lead to more unused ranges because
meta data blocks maybe freed where the meta data for the blocks is
managed by other meta data blocks. This leads to dangling allocation
warnings which are caused by meta data. Therefore, we call
'_revert_unused_ranges' and 'free_empty_blocks' until no more ranges
can be freed.
issue #4466
by using the io_mem RPC of the platform session instead of parsing the
bar resources manually. This commits avoids and breakage on systems where
the Intel graphic cards just uses 64bits with addresses above 4G.
Issue #4450
Compared to the bytewise memset, a wordwise memset (or even multi-word)
achieves a speedup of ~6.
On Zynq-7000/Cortex-A9:
317 MiB/s -> 2040 MiB/s
On base-linux x86_64:
3580 MiB/s -> 23700 MiB/s
genodelabs/genode#4456
Preloading a few cache lines ahead brings a significant speedup in
memcpy throughput. Note, the particular (optimal) value was empirically
determined on a Cortex-A9 (Zynq-7000) SoC @ 666Mhz. It is best combined
with L2 prefetching enabled (including double linefills and prefetch
offset 7). Yet, even without L2 prefetching this seems to be the sweet
spot.
genodelabs/genode#4456
The implementation is not in use any more. Furthermore, on typical ARM
cores such as the Cortex-A9, the cached read appears to be the
bottleneck rather than instruction density. On a Zynq-7000 SoC, the vfp
implementation performed significantly worse than the standard load/store
multiple implementation with preloading.
genodelabs/genode#4456
When executed on Linux, the test was impaired by the copy-on-write
optimisation since the source buffer was never initialised. By default,
Linux only maps a zeroed page until the first write access to the page
occurs. Since the source buffer was never written, the corresponding
page was always present in the physically-indexed data cache. In
consequence, the test merely measured write performance (similar to memset).
genodelabs/genode#4454
Send usb ctrl transfers with one second timeout as some devices (e.g.,
smartcard readers) do not response to certain control transfers.
Thanks to Peter for the investigation.
The i2c code has a busy loop (see commit for the location), which expects that
the jiffies advances without a cooperative scheduling decision.
Issue #4450
Our usb_host driver supports UHCI, OHCI, EHCI, and XHCI host
controllers. The USB4 host interface / Thunderbolt is currently not
supported and must therefore not be passed to the USB host driver.
If any PCI device reports 0 as interrupt PIN, drivers may try to force
MSI setup (e.g., xhci). So, we clamp the interrupt PIN to 1 to let
drivers finish initialization and don't bother the platform driver.
Encountered on the Fuji5 where for reasons currently unknown the
first xHCI HC (0:0d.0) could not be initialize due to incomplete
interupt informations. The other HCs appear to work fine (tested
with a USB low-speed mouse).
This commit removes all physical notions from the information given
to the Linux kernel regarding PCI BARs.
With the exception for the host bridge that needs to be located at
'0:00.0' as required by the Intel FB driver, all other devices are
announced at the PCI BUS in an ascending order.
Additionally the MMIO regions start at 1 GiB and are capped at 32 bit
to prevent unnecessary access to 64 bit addresses.
With this fix, the driver no longer aborts on the Tigerlake notebook and
just skips the out-of-region ACPI table. Issue #4452 is not fixed by
this commit, but in this specific case the table is not used anyway.
Upgrade to the well known worst cases by the GPU multiplexer. Do not
keep track of resources locally, in case resources are exceeded the
remain so anyway.
issue #4451
Check if there are a least 4 caps + 2MB (heap) + possible buffer size
available before any resource allocation. Only account resources that are
actually used.
issue #4451
The former implementation relied on the behaviour of how the old
intel fb driver requested the pci devices. The new lxkit however actually
really want to have all available pci devices.
Issue #4450
required by the upcoming update of the intel display driver. Make this addition
explicit, because it triggers adjustment also on the new pc_usb_host_drv.
Issue #4450
If size is zero, the platform goes out of service by:
[init -> platform_drv] Error: Uncaught exception of type 'Genode::Ram_allocator::Denied'
[init -> platform_drv] Warning: abort called - thread: e
Issue #4450
Also, the repository URL was adapted to the permanent redirect to github
to prevent the following warning.
dde_ipxe download http://git.ipxe.org/ipxe.git
dde_ipxe git Cloning into 'src/lib/dde_ipxe'...
dde_ipxe git warning: redirecting to https://github.com/ipxe/ipxe/
dde_ipxe update src/lib/dde_ipxe
This patch adds the trace-logger utility to the default set of packages
along with an optional launcher. With this change, only two steps are
needed to use Genode's tracing mechanism with Sculpt:
- Add 'trace_logger' to the 'launcher:' list of the .sculpt file
- Either manually select the 'trace_logger' from the '+' menu,
or add the following entry to the deploy configuration:
<start name="trace_logger"/>
By default, the trace logger is configured to trace all threads
executed in the runtime subsystem and to print a report every 10
seconds. This default policy can be refined in the launcher's <config>
node. Note that the trace logger does not respond to configuration
changes during runtime. Changes come into effect not before restarting
the component.
Issue #4448
This patch changes the output format of the trace logger to become
better suitable for human consumption. For example, when instrumenting
the VFS server in Sculpt using the GENODE_TRACE_TSC utility, the
trace logger now generates tabular output as follows.
Report 4
PD "init -> runtime -> arch_vbox6 -> vbox -> " ----------------
Thread "vCPU" at (0,0) total:12909024 recent:989229
Thread "vCPU" at (1,0) total:5643234 recent:786437
PD "init -> runtime -> ahci-0.fs" -----------------------------
Thread "ahci-0.fs" at (0,0) total:910497 recent:6335
Thread "ep" at (0,0) total:0 recent:0
71919692932: TSC process_packets: 8005M (4998 calls, last 4932K)
71921558516: TSC process_packets: 8006M (4999 calls, last 1596K)
71922760220: TSC process_packets: 8007M (5000 calls, last 1006K)
71929853586: TSC process_packets: 8009M (5001 calls, last 1840K)
71931315246: TSC process_packets: 8011M (5002 calls, last 1253K)
72127999920: TSC process_packets: 8016M (5003 calls, last 5606K)
72129568198: TSC process_packets: 8018M (5004 calls, last 1345K)
77161908178: TSC process_packets: 8029M (5005 calls, last 11349K)
77643225736: TSC process_packets: 8029M (5006 calls, last 217K)
89422100594: TSC process_packets: 8035M (5007 calls, last 5656K)
89422123632: TSC process_packets: 8035M (5008 calls, last 1342)
Thread "signal handler" at (0,0) total:36329 recent:3001
Thread "signal_proxy" at (0,0) total:51838 recent:13099
Thread "pdaemon" at (0,0) total:97184 recent:332
Thread "vdrain" at (0,0) total:1266 recent:286
Thread "vrele" at (0,0) total:1904 recent:516
PD "init -> runtime -> nic_drv" -------------------------------
Thread "nic_drv" at (0,0) total:34044 recent:897
Thread "signal handler" at (0,0) total:369 recent:142
...
Subjects that belong to the same PD are grouped together. The formerly
optional affinity and activity options have been removed. Those
information are now unconditionally displayed. The trace entries
belonging to a thread appear as slightly indented.
The patch also updates the coding style, avoiding excessively long
lines.
Issue #4448
This patch reduces repetitive log output by omitting inactive trace
subjects from the log output. The information about all subjects can
still be dumped by setting 'verbose="yes"'.
Issue #4448
This patch splits the creation and updating of monitor objects into two
stages. The creation of a monitor object changes the state of the
associated trace subject. The patch ensures that the new state is
captured by the update of the monitor object.
Issue #4448
This patch makes the trace-subject state as reflected to the trace
monitor more accurate.
Until now, a subject could be in UNTRACED or TRACED state. In reality,
however, there exists an intermediate state after the trace monitor
called 'trace' for the subject but before the subject locally activated
the tracing (done when passing a trace point). This intermediate state
was reflected as UNTRACED. Consequently, threads that never pass a trace
point (e.g., just waiting for I/O) would remain to appear as UNTRACED
even after enabling its tracing by the trace monitor. This is confusing.
This patch replaces the former UNTRACED and TRACED states by three
distinct states:
UNATTACHED prior any call of 'trace'
ATTACHED after a trace monitor called 'trace'
but before the tracing is active
TRACE tracing is active
Fixes#4447
The new macros GENODE_TRACE_TSC and GENODE_TRACE_TSC_NAMED complement
the existing GENODE_LOG_TSC and GENODE_LOG_TSC_NAMED macros to simplify
TSC measurements at a low overhead of the trace mechanism.
The utilities of the new util/formatted_output.h header complement the
existing base/output.h with the text-formatting support needed to
produce tabular output.
Fixes#4449
First, the endpoint update has to comply with the current alternate
settings of all interface, which are stored in USBDevice::altsetting[]
(one value per interface). Second, a SET_INTERFACE control request via
Packet_type::ALT_SETTING must update USBDevice::altsetting for the
interface.
Now, USB devices with multi-setting interface like the Joulescope JS110
with mixed bulk/isochronous endpoints are supported.
This commit adjusts the value such that USB sessions requested by
VirtualBox6 on Sculpt OS can get established on the first try without
invoking the session-retry mechanism. This reduces the number of
diagnostic log messages like:
Error: Insufficient 'ram_quota',got 6296372 need 6297928
The value of 50% as assigned by commit "sculpt: add basic support for
i.MX8 Quad EVK" leaves too little room for other components of the
runtime subsystem. With the adjustements of commit "sculpt: assign CPU
quotas" the sum exeedcs 100%. Hence this commit tunes down the value to
sensible 10%.
The existing assignment of CPU quotas did not anticipate the dynamic
reconfiguration of init. It merely tracked the available CPU quota by
deducing the consumed amount from a global variable but never
replenished the value. This worked for static scenarios but failed in
situations where components are dynamically re-started.
So far this deficiency remained detected because CPU quotas were not
used in highly dynamic systems like Sculpt OS. However, this has
recently changed by commit "sculpt: assign CPU quotas".
The patch improves the accounting by mirroring the existing handling of
RAM and cap quotas. Note that the CPU-quota accounting is still rather
limited. In particular the dynamic rebalancing is not yet supported.
Issue #4445
.SHELLFLAGS is extended by option pipefail to make pipes fail if any pipe
element fails. As .SHELLFLAGS is exported into sub-make instances it
must be unexported before calling third-party build systems recursively.
With the consolidation of the file-system session's signal handlers
implemented by commit "file_system_session: merge ack and submit sigh",
we can now change the VFS server to produce batches of acknowledgements
before explicitly waking up the client. (in contrast to the traditional
'acknowledge_packet', the new 'try_ack_packet' triggers no signal)
Issue #4388
Split the trace buffer into two partitions in order to prevent overwriting
of entries when the consumer is too slow. See file comment in buffer.h.
genodelabs/genode#4434
This commit simplifies the current implementation by overloading the
length field with a padding indicator in addition to the zero-length
head entry. This simplifies the iteration semantics as it eliminates
the need for determining whether a zero-length entries is the actual
head of the buffer or a padding at the buffer end.
genodelabs/genode#4434
To support device-less protocol-stacks only ports, we can use a
Virt I/O Linux kernel flavor, and export the lx_kit/lx_emul parts
not depending on platform API and devices.
Ref #4397
* Drivers have to use lx_kit/memory_dma.cc
* Protocol-stacks use lx_kit/memory_non_dma.cc
* Moreover the device-dependent lx_emul parts get removed
from the common lx_emul import rules
Fix#4443
* Unifies the declaration of callbacks which manage driver/client
shared dataspaces
* Move the Linux driver-specific callback implementation to the
lx_emul library from the PC's USB host driver
Fixgenodelabs/genode#4439
The logic got accidentally reversed during the transition from the
legacy USB driver.
Since the function drops error details, this patch adds a diagnostic
message with the error code as returned by the Linux driver.
This patch declares that the pseudo target virtualbox6/services/ does
not produce any build artifact. This allows the adding of virtualbox6
to Sculpt's 'build:' list.
The run script uses core, ld.lib.so, and init from depot packages, thus
these cannot be integrated in the image explicitly from the build
directory.
Also, removed special build of report_rom, which is not subject of the
test.
Fixes#4437
* The problem occured only on OKL4, seL4, and L4/Fiasco
* The test used to continue submitting packets regardless of how many were in
flight
* This commit limits the in-flight packets at the Uplink/Nic connections to 40
each
Ref #4419
This commit changes the touch-click filter to adhere the following
sequence:
touch (physical)
press (artifically generated)
release (artificially generated)
release_touch (physical)
This order is important because nitpicker's focus handling takes
press/release events into account. If the release-touch event appears
before the release event, nitpicker subsumes the release-touch event
to the sequence that started with the press event, instead of handling
it as a free-standing event.
Issue #4332
By assigning CPU budgets, base-hw's priorities come into effect.
Even though the chosen values are rather guessed than informed, they
yield a visibly improved responsiveness on the Pinephone.
When committing a new entry, the buffer wrapped if the last entry fit
perfectly into the buffer. Otherwise, the length field of the next entry
was set to 0 to mark the new head. Yet, if there was still some padding but not
enough to hold the length field of another entry, we ended up with a
headless buffer.
genodelabs/genode#4430
Since the head of the buffer is marked by a zero-length entry, we must
only write the length field if a new head was set. Otherwise, the
consumer might already read the new entry and not find the new head as a stop
condition.
genodelabs/genode#4430
When a device got already acquired by a platform session client, do not
return the same capability again, even if the same platform session
client requested it. Therefore, make doubtful behaviour of client components
visible, and do not have to struggle with Platform::Device instances
instantiated multiple times, which care of the lifetime of the device
capability internally.
Fixgenodelabs/genode#4379
Genode code already expects MMU to be disabled when starting the
kernel. It is enabled eventually in Bootstrap::Platform::enable_mmu,
after setting up translation tables. Unfortunately nothing ensures
this is actually the case. If MMU happens to be enabled when entering
the kernel things go downhill pretty fast after we start messing with
TTBR.
This patch ensures MMU is disabled for EL1, EL2, EL3 dependent on the
exception level of the CPU core, which is entering the kernel.
This should allow base-hw to start correctly on Quartz64 A board.
The `lookup_translation` function got introduced and is used only in the
context to proof whether a cache maintainance function can be executed
safely by the kernel. Unfortunately, it did not checked write permissions,
which can lead to permission faults. This commit restricts the lookup
function to only succeed when the target page is writeable. Consequently,
the lookup function gets renamed to `lookup_rw_translation`.
Fixgenodelabs/genode#4348
* Switch from the legacy usb_host driver to the new PC version
in recipes and automated tests
* Update documentation snippets
* Remove outdated, unused usb_rndis run-script
Fixgenodelabs/genode#4416
Do not only report devices, but the current configuration of the driver too,
as long as the `report` node in the configuration states it.
Ref genodelabs/genode#4416
To stay consistent with the configuration of the legacy usb_host_drv
and other components as well, do not report USB devices by default,
but when the following XML node is set within the component's
configuration:
<report devices="yes"/>
Ref genodelabs/genode#4416
The new usb_host driver for PC by default needs more RAM quota in contrast
to the old one. To minor warnings and repeated attempts to open a USB
session from a client, this commit increases the default RAM quota by one
page.
Ref genodelabs/genode#4416
Adds a function to the USB part of the Genode's C API, to enable
usb_host drivers to acknowledge USB request in client's packet buffer
although they are not assigned to an USB device. The requests are
marked with a "no device" error.
This commit fixes a regression originally solved in genodelabs/genode#4149
Ref genodelabs/genode#4416
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.
The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.
The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.
Fixes#4431
When a PD owns the right to ask for a RAM dataspace's `dma_addr` it is
concurrently constrained to use allocations of a specific physical RAM area.
This commit further limits this area by removing RAM page frame zero.
Otherwise the return value of `dma_addr` for such a dataspace would be
erroneously interpreted as a fault, because zero is currently the error
return value of `dma_addr`.
Fixgenodelabs/genode#4428
This patch cuts the superfluous dependency of abi.so files from the
library dependencies of the corresponding lib.so file. ABIs depend
only on symbol files.
Prior this patch, the second step of the following sequence would
wrongly re-build the abi.so file.
arm_v6$ make init
arm_v6$ make init KERNEL=hw
As the KERNEL argument does not affect the ABI, the abi.so should
better not be created twice.
Issue #4408
The Single_file_system now forwards the
`File_io_service::notify_read_ready` method to the
handle as it already did for most of the other methods.
genodelabs/genode#4394
Do not set '_mode' per default to MANANGED. Check if a manual config ROM
is present during construction and set '_mode' to MANUAL in case it is.
issue #4369
'generate(Xml_node node)', as used by the Sculpt manager, calls this
function instead of the lambda version. The 'report' function of the
'Genode::Reporter' does not throw an exception in case there is not
enough backing storage for the 'generate' request. Therefore, we have to
check this condition in a loop and call '_increase_report_buffer' in
case size limits are reached.
Patch by Norman Feske.
issue #4369
Genode linker does not support .gnu.hash tables so they will never be
used. Tell the linker not to bother producing them. This should reduce
the size of Genode ELF files a tiny bit without loosing anything
important in the process.
Fixes#4423
According to ARM Cortex-A55 Core Technical Reference Manual r1p0 the
lowest 8 bits (Aff0) of MPIDR register represent thread IDs within a
multi-threaded core. The actual core identification bits are in Aff1.
This layout can be identified by checking the MT bit of MPIDR register.
Basically, if MT=1 core id is in Aff1, if MT=0 core id is in Aff0.
Without this change Genode will identify all CPU cores on A55 as primary
(0) core.
Its worth to mention that Cortex-A55 by itself is not a multi-threaded
CPU. Aff0 values are always expected to be 0 for pure A55 cores. A55
cores can however be paired with cores that are multi-threaded. To
support such big.LITTLE CPUs in Genode we'd probably need to add a
different mechanism for mapping MPIDR values to logical, contignous
core IDs which Genode expects.
Ref:
https://developer.arm.com/documentation/100442/0100/register-descriptions/aarch64-system-registers/mpidr-el1--multiprocessor-affinity-register--el1?lang=en
* use netperf omnitest output selectors to acquire more metrics
* remove packet_size argument that was not interpreted by netperf
genodelabs/genode#4427
This does not affect default Genode builds as far as I can tell. There
is always at least one global static CTOR which seems to be coming from
one of the GCC runtime libs bundled in the toolchain. The problem became
visible for me only after I've replated GCC runtime with LLVM based
one. In such setup I often see binaries that do not have any static ctors.
Such binaries end up crashing Genode ld.lib.so.
Make sure the code does handle empty constructors array.
Fixes#4422
Switch the code to 0 lengh array instead. The code in
Lru_cache::element_size calls sizeof on this structure. This works in
gcc, but fails when using clang. Even for GCC however the documentation
states:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."
Basically its an implementation quirk that clang does not support. Both
GCC and clang do support zero sized arrays however so using them here
allows both compilers to process this code.
Ref: https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
Issue #4421
This reference member is not used anywhere in the code. This prompts
clang to complain about it. Eliminate the member and all the plumbing
associated with it to silence the warning.
Issue #4421
Clang really doesn't like char subscripts. I can't say I blame it. Fix
the warning by an explicit cast to unsigned.
include/nitpicker_gfx/tff_font.h:230:53: error:
array subscript is of type 'char' [-Werror,-Wchar-subscripts]
Tff::Vertical_metrics const m = _vertical_metrics['m'];
^~~~
Issue #4421
Clang likes to complain when lambdas capture parameters without
actually using them. This patch fixes a couple of such problems in VFS
related os module code.
Issue #4421
The soft ABI implies purely software floating point implementation.
This is not the case for Genode however. For example core's
exception_vector.S uses vmsr instruction. This builds fine with with
GCC based toolchain, but clang with integrated-as complains:
src/core/spec/arm/exception_vector.S:122:2: error: instruction requires: VFP2
vmsr fpexc, r1
^
Fix this by passing softfp to mfloat-abi command on ARMv7. This allows
usage of FP HW, but implies soft-floating point ABI.
Issue #4421
According to C++11 reference:
"If the strictest (largest) alignas on a declaration is weaker than
the alignment it would have without any alignas specifiers (that is,
weaker than its natural alignment or weaker than alignas on another
declaration of the same object or type), the program is ill-formed:"
https://en.cppreference.com/w/cpp/language/alignas
The code requests 4 byte alignment for Genode::Arm_cpu::Context.
The Context structure inherits Genode::Arm_cpu::Fpu_context which
has minimum alignment requirement of 8 bytes, due to uint64_t d0_d31
member. This makes the 4 byte value in Context's alignas specifier
invalid (smaller than allowed minimum).
Similar situation takes place in Arm_64 case. The claimed minimum
alignment of Context is 8 bytes, but the fpu_state member imposes 16
bytes alignment (explicitly specified in Fpu_state declaration).
In both cases the code builds fine with GCC 8.3.0, but fails with
clang which claims that "requested alignment is less than minimum
alignment of X for type", where X is 8 on ARM and 16 on AArch64.
Ref: https://eel.is/c++draft/dcl.align#5
Issue #4421
This commit contains:
* Minimal Linux kernel target: pc_linux
* Library to generate a Linux build directory, config, generated headers
* API depot package
The actual work was provided by Josef Soentgen.
Ref genodelabs/genode#4416
The official way to obtain DMA addresses for RAM dataspaces is
the RPC function 'Pd_session::dma_addr' now. User-level device drivers
should not call this function directly but use the 'Platform_session'
interface of the platform driver instead.
Fixes#2243
* Creates sessions to all supported services of the black hole component
* Test-drives the Event and Capture session with dummy input
* Adds the test to the default list of depot_autopilot.run
* Test-driving the Audio_in and Audio_out sessions is still missing and should
be added via a dedicated commit
Ref #4419
To make room for the re-newed usb_host_drv basing on Linux 5.14 and
the re-newed lx_kit/lx_emul we have to move the depot recipe and
consistently name the old drivers with a legacy_ prefix.
Ref genodelabs/genode#4416
The x86 platform driver uses a different API than the one for ARM for
which the lx_kit glue code was designed. Since the x86 platform driver
will eventually adopt a similar interface we implement a wrapper that
encapsulates the old interface.
Ref genodelabs/genode#4411
Until now, the lx_emul layer addressed a 5.11 Linux Kernel port,
now that we add new architectures it is better to update the default version
first. There are especially changes in the task_struct code,
and the signature of some functions in the paging subsystem changed.
Ref genodelabs/genode#4411
We use the architecture-specific setjmp/longjmp implementation without
modification in the newer lx_kit implementation as well. There is no
need for a duplication.
Ref genodelabs/genode#4411
In the error case of socket_fs_accept() the Unconfirmed utility was
incompletely applied with the result of executing the cleanup routines
in the wrong order.
Fixes#4417
This patch removes the implicit build of ld-$(KERNEL) by the generic
ld.mk file because the kernel-specific dynamic linker is unreachable
when building a regular binary archive.
Issue #4320
When 'KERNEL' is specified, let the generic (pseudo) target of
lib/mk/ld.mk trigger the build of the actual dynamic linker named after
the used kernel. This way, we become able to remove the magic
linker-build step from the boot-image stage of the run tool.
Issue #4320
This patch applies the existing "privatization" of transitive
shared-library dependencies from static lib dependencies to shared lib
dependencies. It thereby improves the consistency of binaries created in
a regular build directory with binaries created in depot archives.
Issue #4408
This patch makes nitpicker's "clicked" report useful for the detection
of clicks outside of any client. This is needed in situations where the
dialog should close when clicking outside its screen area. In the new
version, a click outside any client results in a report without a
'label' attribute. Furthermore, the report is augmented by the sequence
number of the click, which allows for freshness checks by the consumer of
the report (i.e., sculpt_manager).
Issue #4398
If the buffer contains padding at the end, the iteration must continue
in order to restart iteration from the start of the buffer.
genodelabs/genode#4244
The archive contents are equivalent except the creation date of the
top-level directory.
-drwxr-xr-x guivol/users 0 2021-01-07 12:54 jpeg-9d/
+drwxr-xr-x guivol/users 0 2022-01-04 12:02 jpeg-9d/
Fixes#4406
The functionality of the test-block-client, test-block-server, and
test-block-bench components is now covered by the block_tester
application and the vfs_block server.
Issue #4405
This patch eliminates warnings that occurred as side effect of using the
'Session_policy' utility ("Warning: no policy defined for label...").
The new version uses the 'with_matching_policy' function instead, which
has the nice side effect of simplifying the error handling.
This patch makes the server-side policy-matching logic available outside
the 'Session_policy' class. Given that the new 'with_matching_policy'
function does not throw any exception, it gives server implementations
the freedom to avoid the C++ exception mechanism for the policy handling.
If the platform driver lacks the 'managing_system="yes"' attribute,
requests for DMA addresses return 0. This patch is meant to help
diagnosing such configuration issues.
Issue #2243
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.
The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.
The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.
With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.
Issue #2243
This patch makes Sculpt's leitzentrale GUI able to respond to touch events. It
formerly assumed that click/clack events are always preceded by hover reports
that identify the clicked-on widgets. For touch events, however, the most
up-to-date hover information referred to the previous click because there is no
motion without touching. So the GUI tended to identify the wrong widgets as
click targets.
The patch solved this problem by testing the freshness of the hover information
at the time of the click. If the hover information is older than the click, the
action is deferred until up-to-date hover information becomes available.
Fixes#4398
The new event type allows for the propagation of sequence numbers as a means to
validate the freshness of input handling. E.g., an menu-view-based application
can augment artificial sequence numbers to the stream of motion events supplied
to 'menu_view'. Menu view, in turn, can now report the latest received sequence
number in its hover reports, thereby enabling the application to robustly
correlate hover results with click positions.
Issue #4398
This patch replaces formerly blocking packet-stream operations by
the explicit use of 'wait_and_dispatch_io_signal' for blocking.
It also removes a misleading comment that promised a fire-and-forget
behavior whereas the implementation relied on blocking I/O anyway.
Issue #4390
Errors during IPC receive-and-wait can occur at the server side when
a client is killed. This condition is not an error from the server's
perspective. We used to print a message nevertheless, since the
condition is rather exceptional. However, when printed during the
test-sequence test, the messages interfere with the pattern matching of
the depot_autopilot, flagging the successful test as an error.
The VFS block plugin used to depend on the blocking semantics of the
packet stream's 'get_acked_packet'. This patch replaces this dependency
by the use of 'wait_and_dispatch_one_io_signal'. However, in order to
implement this change, the custom instance of a 'Signal_receiver' had to
be removed as well.
To keep this patch as little invasive as possible, it does not touch the
direct use of the block session's packet stream, which should better be
replaced by the 'Block::Connection::Job' API.
Issue #4390
The zynq_nic_drv follows a zero-copy approach and thus uses the packet
buffers as DMA memory. In order to know when the RX DMA memory can be used
for another packet, a custom ack_avail_handler is needed.
Similarly, packets received from the Uplink session are not copied to a
DMA buffer but to directly passed on as DMA memory. For this purpose,
a a custom packet_avail handler is needed.
genodelabs/genode#4384
The 'read' and 'write' utilities are from a time before the VFS API
as os/vfs.h was available. They rely on the (now removed) blocking
semantics of the packet-stream interface.
The only remaining legitimate use case of the direct interaction with
the file-system session without VFS is the back end of gcov, which needs
a way to exfiltrate the statistical data using a channel that is
independent from the libc or the VFS.
Issue #4390
This patch replaces the direct use of a file-system session via the
'file_system/util.h' helpers by the VFS using the os/vfs.h API. This
makes the component more flexible while removing the dependence from
read and write utilities of file_system/util.h, which happen to rely on
the (now removed) blocking packet-stream semantics.
Issue #4390
This patch replaces the direct interaction with the packet stream of
the block session by the use of the 'Block::Connection::Job' API,
removing the reliance on blocking packet-stream semantics.
Since I/O signals can now occur during 'Backend::submit', the patch
conditions the periodic calls of 'rump_sys_sync' by taking the backend
state into account.
Issue #4390
Since the change "block_tester: limit batching in sequential test", the
sequence test blocks infinitely when encountering a length value smaller
than the block size.
This patch takes precautions against the use of blocking packet-stream
operations like 'submit_packet'.
With the change of issue #4388, the ready-to-submit signals are no
longer implicitly handled. Hence, a call of submit_packet to a
saturated submit queue blocks infinitely.
Issue #4390
Even though the use of the C++ exception mechanism (and the implicit use
of the cxx heap) is not a problem at the server side, this patch
nevertheless replaces the exception-based return-value handling to make
the code consistent with the ipc_call path.
Issue #3612
* use 'Id_space::apply_any' instead of 'for_each' to destroy session local
buffer objects
* save session capability in session because 'cap()' is not valid in
'Session_component' destructor because it was dissolved before calling
'Root::_destruct_session', the cap is necessary to remove owned
buffers from the EP
issue #4380
Do not import a freshly allocated buffer to all contexts eagerly.
Instead check buffer list in context's 'exec_buffer' call and import
only buffers needed and not present before GPU execution. This leads to
improved performance for applications that use many OpenGL contexts
(e.g., VirtualBox 6).
issue #4380
* retrieve Genode::Env from plugin, this way no mesa applications need to
be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.
issue #4380
Implement GLX and X functionality through Mesa's EGL interface. This
requires multiple OpenGL contexts and in turn GEM context support in
libdrm/iris, as implemented in libdrm and intel_gpu_drv.
Update recipes and machine.vbox6 files accordingly,
issue #4380
Retrieve multiple GPU sessions from VFS plugin, take advantage of buffer
import/export functionallity in order to implement gem context support.
Multiple contexts share all GPU buffers, but use different GPU sessions
and thus, differnt page tables and hardware contexts.
issue #4380
Add 'export_buffer'/'import_buffer' calls in order to support buffer
sharing between GPU sessions.
Reduce CAP costs for Gpu::Connection from 256 to 32.
issue #4380
Synchronize GPU completion by calling 'read' of the vfs_gpu plugin. This
enables pthreads to wait for GPU completions instead of the main EP.
issue #4380
When a <gpu> node is present in the VFS, the plugin opens a
Gpu::Connection for each open call to the 'gpu' node and installs a
completion signal handler. A read only to the fd returned only comes
back if a completion signal has been received between two read
transctions to the fd.
For now the Gpu::Connections can be retrieved by calling the
'vfs_gpu_connection(unsigned long id)' function. The id can be obtained
using 'stat' on the 'gpu' device and is located in the inode (st_ino)
field of the stat buffer.
issue #4380
* let iris handle buffer management, this implies that BOs are mapped to
the PPGTT during buffer execution and unmapped by iris later, for this
to work buffers need to be unmapped when allocating cached BOs
(vma_free) which requires a patch
* support lseek (drm_lseek for now) for determining object size
issue #4380
Account RAM and CAP resources for GPU sessions and trigger client
upgrades before allocating resources at the multiplexer. This prevents
the multiplexer from running out of resources.
issue #4380
Imagine receiving the signal for an available TX ack or an available RX packet
at the Uplink connection but a later received signal for a link-state change
(to link state "down") at the same connection is handled first and destructs
the Uplink connection before the handling of the former signals. In this case,
the methods 'Uplink_client_base::_conn_tx_handle_ack_avail' and
'Uplink_client_base::_conn_rx_handle_packet_avail' must be guarded against an
unconstructed '_conn' member, but they weren't so far.
Fixes#4384
So far, the generic Uplink connection code considered NIC drivers to transmit
connection RX packets in three different manners. Most of the drivers follow
the "normal" way of transmission with only one driver callback from generic
code. The monolithic USB NIC-driver, however, used to send in a "burst" mode
that required a dedicated path with multiple driver callbacks in the generic
code. And then there were drivers that had a fully custom function for doing
transmissions.
Also for handling connection TX acks, there was a "normal" and a
"custom handler" way.
Today, all NIC drivers in the Genode repos and the Genode-World repo follow the
"normal" way. Therefor, the unused code can be removed.
Ref #4384
Only parse output of the test programs one-by-one and ignore log
messages from other components not starting with '[init -> test$number]'.
Fixes sporadic failures on KERNEL=sel4 due to the following warning from
core.
Warning: flush page table entries - mapping cache full - PD: init -> test1
To actually receive audio input in a particular VM, it also
needs to be enabled in the vbox file:
<AudioAdapter controller="HDA" driver="OSS" enabled="true"
enabledOut="true" enabledIn="true"/>
Fixes#4377
On some boards or emulators a CPU might be executing in hyp mode
when entering Genode's bootstrap code. In that mode the 'cps' instruction
is not defined. Therefore, we change the way the boot cpu is identified.
Ref #3415
* renamed rpi pic to Bcm2835_pic
* renamed rpi3 pic to Bcm2837_pic
* added bcm2837 control for setting prescaler value (to fix timer_accuracy)
* changed handling of all interrupts for rpi3 by cascading to bcm2835 pic
* rpi3 irq controller base address made consistent with rpi
* added usb controller memory region for pic on rpi3 (for SOF interrupts)
Ref #3415
The socket type (in the lower bits) maybe ORed with SOCK_CLOEXEC and
SOCK_NONBLOCK options (in the higher bits). Currently, supported values
are SOCK_STREAM (1) and SOCK_DGRAM (2), so just take the lower 2 bits.
This fixes treating `SOCK_STREAM` sockets as UDP if additional flags
were set.
Fixes#4370
This patch equips Sculpt with the ability to customize the system image
in very flexible ways.
All customizable aspects of the image have been relocated from the
former sculpt.run script and the accompanied gems/run/sculpt/ directory
to a new location - the sculpt/ directory - which can exist in any
repository. The directory at repos/gems/sculpt/ serves as reference.
The sculpt directory can host any number of <name>-<board>.sculpt files,
each containing a list of ingredients to be incorporated into the
Sculpt system image. The <name> can be specified to the sculpt.run
script. E.g., the following command refers to the 'default-pc.sculpt'
file:
make run/sculpt KERNEL=nova BOARD=pc SCULPT=default
If no 'SCULPT' argument is supplied, the value 'default' is used.
A .sculpt file refers to a selection of files found at various
subdirectries named after their respective purpose. In particular, There
exists a subdirectory for each file in Sculpt's config fs, like
nitpicker, drivers... The .sculpt file selects the alternative to use
by a simple tag-value notation.
drivers: pc
The supported tags are as follows.
*Optional* selection of /config files. If not specified, those files are
omitted, which prompts Sculpt to manage those configurations
automatically or via the Leitzentrale GUI:
fonts
nic_router
event_filter
wifi
runtime
gpu_drv
Selection of mandatory /config files. If not specified, the respective
'default' alternative will be used.
nitpicker
deploy
fb_drv
clipboard
drivers
numlock_remap
leitzentrale
usb
system
ram_fs
Furthermore, the .sculpt file supports the optional selection of
supplemental content such as a set of launchers.
launches: nano3d system_shell
Another type of content are the set of blessed pubkey/download files
used for installing and verifying software on target.
With the new version, it has become possible to supply a depot with the
the system image. The depot content is assembled according to the 'pkg'
attributes found in launcher files and the selected deploy config.
The resulting depot is incorporated into the system image as 'depot.tar'
archive. It can be supplied to the Sculpt system by mounting it into the
ram fs as done by the 'ram_fs/depot' configuration for the ram fs.
It is possible to add additional boot modules to the system image. There
are two options.
build: <list of targets>
This tag prompts the sculpt.run script to build the specified targets
directly using the Genode build system and add the created artifacts
into the system image as boot modules.
import: <list of depot src or pkg archives>
This tag instructs Sculpt to supply the specifid depot-archive content
as boot modules to the system image. This change eliminates the need for
board-specific pkg/sculpt-<board> archives. The board-specific
specializations can now be placed directly into the respective .sculpt
files by using 'import:'.
To make the use of Sculpt as testbed during development more convenient,
the log output of the drivers, leitzentrale, and runtime subsystems
can be redirected to core using the optional 'LOG=core' argument, e.g.,
make run/sculpt KERNEL=linux BOARD=linux LOG=core
The former pkg/sculpt-installation and pkg/sculpt-installation-pc
archives have been replaced by pkg/sculpt_distribution-pc, which
references the generic pkg/sculpt_distribution archive. Those pkgs are
solely used for publishing / distribution purposes.
Fixes#4369
When used by the 'Allocator_avl' the slab allocator's backing store is
dynamically disabled and re-enabled while adding/freeing ranges.
However, during those operations, slab entries can be freed. This,
in turn, can result in the release of a slab block (when the freed slab
entry happens to be the last entry of the block). In this corner case,
'Slab::_release_backing_store' operation has no effect because no
backing-store allocator is set. As a result, the block is no longer
referenced but not physically freed.
The patch fixes the problem by skipping '_free_curr_sb' whenever
no backing store is defined. So the completely empty block remains
in the working set.
Thanks to Peter for reporting and fixing this issue!
Fixes#4367
- Consider 'sdl' as source of input events in the event-filter
configuration as generated by the sculpt manager
- Supply an artificial 'platform_info' ROM as requested by the
sculpt manager to obtain the affinity-space information
- Substitute 'fs_rom' for 'cached_fs_rom' as a workaround for the
lack of support for managed dataspaces on Linux
Fixes#4362
This change keeps the version-controlled 'pubkey' and 'download' files
separate from files generated via depot/create or downloaded via
depot/download. So one can remove the entire depot/ directory without
interfering with git.
Furthermore, depot keys can now be hosted in supplemental repositories
independent from Genode's main repository.
Fixes#4364
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.
Issue #4354
This comes up when building the code with clang 13. It happens due to
recently enabled Wconversion warning, which in case of clang also
enables implicit-int-conversion warning. The warning reads:
fs_file_system.h:937:44: error: higher order bits are zeroes after
implicit conversion [-Werror,-Wimplicit-int-conversion]
::File_system::Watch_handle fs_handle { -1U };
~~~~~~~~~ ^~~
This can be fixed by properly specifying fs_handle value to be of
unsigned long type.
Issue #4354
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:
#include <type_traits>
#include <stdint.h>
int test() {
uint16_t a = 0xabcd;
static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
return 0;
}
Changing uint16_t in the static_assert to int, will allow the code to
build.
Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.
Issue #4354
The path for the `nameserver` file was fixed to `/socket/nameserver`.
So, if the socket directory was configured differing from `/socket`, DNS
did not work. Now the default path for the `nameserver` takes into
account the path configured in the `socket` libc config attribute.
Fixes#4318Fixes#4343
Remove '_expected_offset' check on round trip test from RX packet,
because allocators between RX/TX can have different allocation
strategies. Rely on 'pattern' check for RX packets only.
In loopback server alloc size must match actual packet size.
issue #4312
Override 'try_alloc/free' because ethernet frame headers are 14 bytes
(src/dst mac (12) + ethertype (2)) causing the IP header to be 2 byte
aligned, leading to problems on platforms that require load/store
operations to be naturally aligned when reading, for example, 4 byte IP
addresses. Therefore, we align the allocation to 2 bytes, so the IP
header is aligned to 4.
issue #4312
This patch improves the robustness of the CPU-affinity handling.
- The types in base/affinity.h received the accessors
'Location::within(space)' and 'Affinity::valid', which alleviates
the fiddling with coordinates when sanity checking the values,
in init or core.
- The 'Affinity::Location::valid' method got removed because its
meaning was too vague. For sanity checks of affinity configurations,
the new 'within' method is approriate. In cases where only the x,y
values are used for selecting a physical CPU (during thread creation),
the validity check (width*height > 0) was not meaningful anyway.
- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
as argument because a location always relates to the bounds of
a specific space. This function now implements the selection of
whole rows or columns, which has previously a feature of the
sandbox library only.
- Whenever the sandbox library (init) encounters an invalid affinity
configuration, it prints a warning message as a diagnostic aid.
- A new 'Affinity::unrestricted' function constructs an affinity that
covers the whole affinity space. The named functions clarifies
the meaning over the previous use of the default constructor.
- Core's CPU service denies session requests with an invalid
affinity parameter. Previously, it would fall back to an
unrestricted affinity.
Issue #4300
Instead of using a bitfield for storing rwx and skip boolean value,
take a boolean instead. This fixes a note giv]en by GCC 9.1 about
changes semantics of bitfields given as parameter by value on ARM.
Ref #4344
Similar to other devices allow for selecting a graphics device as
well. This is currently only useful on iMX8-based systems like
iMX8Q-EVK and MNT Reform2 where the driver is explicitly started
from a pkg.
Fixes#4342.
After VirtIO::Queue refactoring buffers no longer share the same
dataspace as VirtIO rings. This makes optimal buffer calculations a lot
easier. In this case 64 buffers 2kB each will need precisely 128kB of
RAM. Previous value of 2016 will just waste 768b.
Fixed#4347
The key changes in this patch are:
* Buffer allocation is moved into a separate Buffer_pool helper. The
implementation of the buffer allocation strategy does not change.
The helper allocates a single RAM dataspace and splits it in multiple,
equally sized chunks.
* Management of main descriptor ring is enacapsulated in Descriptor_ring
helper class.
* Use separate RAM dataspaces for descriptor rings and buffers.
Previously both of them were packed into a single dataspace. This
might have been more RAM efficient, but IMO it made the code uglier and
harder to understand.
* All of the VirtIO::Queue members are now initialized on the class member
initializer list. This is possible due to previously listed changes.
* Since all VirtIO::Queue members are initalized on member initalizer
list, some additional ones can be marked as const, ex _avail, _used ring
pointers.
* Move descriptor writing code into a common method used by both
write_data and write_data_read_reply members. This avoids some code
duplication between those methods.
* Get rid of request_irq argument that most public VirtIO::Queue methods
accept. None of the existing drivers use it and I doubt this will
change any time soon.
* Use Genode namespace by default in Virtio.
This patch also fixes at least one bug that I discovered while working
on VirtIO block device driver. Namely, when chaining descriptors only the
first descriptor in the chain should be exposed in the available ring.
Issue #4347
The const-variant of the data() method contained an erroneous
calculation of the tail size. This led to the size guard throwing
exceptions when trying to parse TCP packets that only contained the
TCP header.
Fixesgenodelabs/genode#4340
Thanks to Piotr Tworek for the fix and his explanation as follows:
The basic idea is to try to fit payload data into the descriptor used to
send the header. If there is no payload, or the payload fits exactly
into the remaining space in the header decriptor, len should be 0 and
only one descriptor should be used. In such case the "next" and "flags"
members of the descriptor structure should be set to 0.
In case there is some extra payload data to send, but its size is
bigger than the remaining free space in the descriptor used to send the
header, len should contain the remaining size of the payload that
can't be sent via the header descriptor. The code will then chain
additional descriptors to handle this remainder.
With the len variable shadowing, the code will never queue the remaining
data.
Issue #4327
Share datastructures for clock, power and reset related configurations
per device. In the generic platform driver component these structures
are kept empty. Driver derivates can fill the clocks settings, power and
reset switches with life. The former Driver::Env gets removed.
Fix#4338
This change of the inner working of the platform driver for ARM allows
clients to have permanent open sessions, as long as a policy node matches
the client. If devices disappear from the policy resp. from the set of
available devices (hotplug), the devices ROM of the session gets updated,
and a corresponding device session gets closed. If the device remains
untouched in the configuration but other devices appeared/disappeared, the
device session is not affected.
Ref #4330
The requested guest-physical memory range may comprise multiple attached
dataspace regions, which must all be detached. This is not required for
the current vbox5 implementation, but for vbox6 as the current API
suggests these semantics.
This commit can be seen as intermediate fix as a real fix should change
the API to prevent long-running detach loops in core that may lock out
requests by other components.
* Only give managing_system permission when all parent nodes of the
corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core
Fix#4335
* Track all caps and ram quotas of the sub-sessions properly
* Release DMA buffers, it is not done implicitely when destroying
the Constrained_ram_allocator
* Do not replenish quota before really releasing memory from
the allocator
Issue #4330
The Session_component must be destroyed before updating the device
model because the Session_component must also release all previously
acquired devices. If the device model is updated before, the devices
might have been removed.
Issue #4330
Pre-allocate all possible type of policy objects as part of the thread meta
state to avoid increased memory consumption due to different policy object
sizes. The cpu_balancer accounts the memory per client and can't forward
potentially occurring out-of-ram exceptions during config-ROM update phases.
Fixes#4333
The commits avoids reading in and allocating memory for all potentially
threads, which are potentially currently not existent (but configured in the
policy beforehand). Instead the policy is read in and evaluated when a thread
is created and policy changes are solely applied to existing/running threads.
By this the commit avoids the increase of memory consumption during the
evaluation of policies during config ROM updates.
Issue #4333
This implements the necessary bits to provide 2D framebuffer support on
top of VirtIO GPU device as implemented in Qemu. I don't know if any
other implementation of this specific device exists.
Compared to the ramfb driver which already exists in Genode Virtio FB driver
has one major benefit. It allows Qemu window to be dynamically resized at
runtime. The driver will treat this as resolution change and act accordingly.
Ramfb driver can currently only use the hardcoded 1024x768 screen size. Changing
screen resolution might not sound like a big deal, but it is rather useful to
run Genode on Qemu in full screen mode.
Some more advanced devices like VirtIO GPU do expect they can receive
responses to VirtIO commands they issue via VirtIO queue. Such responses
are not sent via a separate device writeable queue. Instead the driver
is expected to queue some additional descriptors and buffers which the
device can then use to provide the reply.
This patch adds support for such write-data-read-response opeartion to
Genode VirtIO::Queue implementation. The implementation is pretty simple
and does not support any fancy features like receiving the response
asynchronously. Instead the operation will use caller provided callback
to wait for the device to process the command. Once this callback
returns the write-data-read-response VirtIO::Queue function will invoke
another callback passing received response as argument.
Mesa queries information about the underlying device and this header
denotes the layout of the information. It is also used by the driver
itself to populate the 'info_dataspace'.
Issue #4329.
Since the parts of the 'etnaviv' library are already part of the
'mesa.lib.so' that is normally loaded along-side remove the
duplication here.
Issue #4329.
This filter bridges the gap between a touchscreen driver, which
generates raw touch events and traditional GUI applications that expect
a pointer (absolute motion, press/release of the left mouse button).
Fixes#4332
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.
To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.
Issue #4324
The former use of Pthread conditionals did not cover the corner case of
early wakeups just before halting the CPU. These wakeups were simply
lost which resulted in sporadic halts of about 500 ms (the maximum timeout
of all halts in VirtualBox). RTSEMEVENTMULTI preserves early wakeups
and effectively prevents the CPU from halting.
Additionally, we now wakeup the target CPU on VMMR0_DO_GVMM_SCHED_POLL
and, thus, mimic the behavior of the original implementation slightly
better,
Slightly related to #4313
Since the top-level node of the output ROM is always generated by the
rom_filter, there is no way to pass-through the content of an input ROM
without wrapping in an addition XML node.
genodelabs/genode#4326
The Allocator_avl back end will display diagnostic messages if the
address to be freed is not at the beginning of a block. This happens
regulary when 'struct page' objects are not freed in allocation order.
Issue #4325.
Introduce a method to access the dataspace capability of the underlying
backing store for a memory allocation. This is necessary for drivers
where the memory is managed manually and the capability needs to be
given to a client.
Issue #4325.
Explicitly, adapt to current framebuffer/window size after
initialization finished. This ensures the use of the correct framebuffer
dimensions in scenarios without a window manager.
Thanks to Raphael for the patch.
This patch makes the test less dependent on the rate of state updates by
calculating the upgraded quota from the values found in the state report
instead of simply increasing the '_ram_quota' for each incoming report.
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.
Issue #4322
Issue #3612
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.
Issue #4317
This patch introduces the lx_emul/pin.h interface that enables GPIO stub
drivers to interact with Genode's Pin_control and IRQ sessions via a
simple C API.
Fixes#4316
The new interfaces are meant to gradually replace the existing
Gpio_session interface.
- Each session refers to a single pin.
- The session types distiguish the direction of the signal as input or
output.
- Pin coordinates can be selected via session labels.
- GPIO interrupts are covered by the regular IRQ session interface.
The interfaces are accompanied by framework utilities and interfaces:
- os/pin_driver.h
- pin_control_session/component.h
- pin_state_session/component.h
These headers relieve GPIO drivers from implementing boilerplate code by
providing device-agnostic portions. The A64 pio driver serves as
reference for using those utilities.
https://github.com/nfeske/genode-allwinner/tree/master/src/drivers/pin/a64Fixes#4315
Always instantiating a network device with id `net0`, removes the need to call
append_qemu_nic_args in run scripts unless we want to add forwarding
rules.
genodelabs/genode#4311
Allow specifying additional qemu arguments for externally supported boards
(e.g. zynq_qemu) by adding a `qemu_args` file in the board-property directory.
The syntax of the qemu_args file is as follows:
- Arguments can appear in a single line or in multiple lines as the
lines will be appended (separated by a whitespace) to the global
qemu_args variable.
- If the line is prepended with a `foobar:` expression. The arguments
are only added if the foobar spec is present.
Note, that a `-m` argument specified in the qemu_args file will
override the arguments provided by the run scripts.
genodelabs/genode#4311
First, the former implementation has only considered the pure numerical
variant of the -m argument. Yet, qemu also allows specifying the amount
of memory by `-m 1G`, `-m size=1G` and more.
Second, the default amount of memory for BOARD=pc was 512M (800M in case of okl4).
Since the depot_autopilot.run also required at least 768M on all
platforms it seems reasonable to take 800M as a default value for BOARD=pc and
thereby remove the special treatment of okl4.
genodelabs/genode#4311
- request FPU state on VM exit in portal config
- transfer FPU state on VM entry
- save fpu state early
Avoid any FPU instructions (for example during base API calls), which
use the FPU and overwrite FPU registers holding the guest vCPU FPU
state.
- don't save fpu state of EP
Issue #4313
The commit avoids the race between checking for the NEM state and the decision
to notify (poke) the NEM backend (nem.cc).
- ever notify about POKE flag for remote vCPU
- check synchronized for NEM state
- store recheck flag and apply on next switch_to_hw
Issue #4313
In the default setting the number of root ports is set to 4. This
also limits the number of USB host devices that may be attached to
the VM. Since the USB webcam shares the slots, that leaves us with
only 3 available USB2 slots to attach USB host devices. Depending on
the use-case that might not be enough.
This commit statically increases the number of ports to 8 each and
adapts the qemu-usb glue-code accordingly.
Many thanks to Raphael for initial investigation and workaround.
Fixes#4310.
Accidentally, the size of IOMEM dataspace got accounted within the
implementation of the platform driver for ARM. Instead we should
only account a bit for the metadata and paging of the I/O memory.
Fix#4307
The custom ack avail handler is required for zero-copy nic drivers (e.g.
the zynq nic driver), which must release the corresponding DMA buffers.
Fixesgenodelabs/genode#4277
This patch adds a missing call of '_handle_decorator_margins' at
construction time. Up to commit "report_rom: versioning and explicit
notification" this problem was masked by an unconditional signal, which
implicitely triggered the call.
Issue #4274Fixes#4306
This component can service Qemu VirtIO mouse, keyboard and tablet
devices. The implementation is based on VirtIO 1.1 device spec. Its
described in section 5.8 "Input Device".
Issue #4282
Those symbols are not satisfied by any code or dependency of libm. As
result calling cprojf function will always crash on Genode. This crash
can be turned into link time error by adding --no-undefined to LD_OPT.
This patch provides the missing symbols by including isninf.c in libm
build.
Fixes#4299
When rebasing my local branch on top of sculpt-21.10 tag I've noticed
two problems.
The code in new_delete.cc does not include new header file. This works
fine with GCC, but fails with clang because std::align_val_t type is
not defined anywhere according to clang. It looks like GCC pulls this
header indirectly somehow.
The second problem can be seen if one disallows undefined symbols in
executables and shared_libraries. This can be seen with both GCC and
clang by adding --no-undefined to LD_OPT. With such change in place core
fails to link due to:
ld.lld: error: undefined symbol: operator delete(void*, std::align_val_t)
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>> thread.o:(Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>> thread.o:(non-virtual thunk to Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> did you mean: operator delete(void*, unsigned long, std::align_val_t)
>>> defined in: debug/core-hw-virt_qemu.a(supc++.o)
If the code would somehow manage call such undefined symbol it'd crash.
Since I generally prefer link time failures to runtime crashes I link
all genode binaries with --no-undefined.
To fix this problem just add a dummy implementation of missing delete
operator.
Fixes#4298
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:
reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
char _space[sizeof(MT)] alignas(sizeof(addr_t));
^
Issue #4298
Apparently the iris driver does not make use of tiling by the kernel, so
we shortcut the 'SET_TILING' call to keep iris happy with this quickfix.
However, tiling information may get lost, if the iris driver ever calls
'MMAP_GTT' and no fence is configured for the buffer. A follow-up commit
should address this shortcoming in the future.
Issue #4284
- CPU-architecture annotations
- Change order of top-level menu, moving Mesa driver to the end
- Add black_hole, recall_fs, file_fault
- Add usb_webcam, test-capture
- Add audio driver and mixer
- Add vbox6, keeping vbox5-nova-sculpt as fallback
- Remove recall_fs launcher, which is obsolete with the recall_fs pkg
- Replace system_clock by system_clock-pc pkg
Issue #4281
This follow-up commit to "sculpt: avoid flickering of leitzentrale"
allows nitpicker to double-buffer pixels during resize operation on a
screen size of 1920x1200.
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.
Issue #4176
This patch extends the notion of having only one uniquely hovered client
in the presence of held keys.
If motion occurs once a key is pressed (e.g., while dragging), the
receiver of the key sequence observes the motion events. In this case,
we have to submit an artificial leave event to the originally hovered
client so that no more than one client observes itself as being hovered
at the same time. Once the key sequence is finished, the hovering is
updated again, eventually presenting a motion event to the originally
hovered client and a leave event to the receiver of the key sequence.
Issue #4176
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.
Issue #4176
To clearly identify the correct device use the unique device's name
not the type. Otherwise a driver cannot drive several devices of the
same type.
Fix#4297
This commit contains a backport of commit [1] that deals with updating
the event ring dequeue pointer more often to prevent unnecessary
'Event Ring Full' errors.
[1] 'usb: host: xhci: update event ring dequeue pointer on purpose'
(dc0ffbea5729a3abafa577ebfce87f18b79e294b)
Fixes#4296.
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.
Fixes#4295
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:
[init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0
Issue #4281
Use 'StateChange' event to check for machine's 'PowerOff' state, close
Gui connections and submit exit signal to EP which in turns calls exit.
Fixes#4291
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.
By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.
Issue #3767
This commit removes the report service from the usb_webcam pkg, which
was used to enable or disable the webcam driver. The on/off state is
instead controlled by the presence of a capture client. That is, once a
capture client appears, the webcam driver is started. Vice versa, once
no capture client exists, the webcam driver is removed automatically.
Internally, the detection of presence of a capture client is based on
nitpicker's 'displays' report, which is consumed as input of the
rom_filter, which in turn generates the configuration of a dynamic sub
init.
Fixes#4287
There are some subtle incompatibilities in VirtualBox 6 with settings we
used in version 5. Therefore, the vbox6 package uses machine.vbox6 as
configuration file. An example configuration is provided by the
raw/vbox6 package.
Issue #4281
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.
This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.
Fixes#4284.
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.
On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.
Issue #4284.
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.
Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.
This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.
Issue #4284.
By using the cached_fs_rom instead of fs_rom, each client obtains the
same (read-only) copy of the shared library, avoiding a RAM resource
request when running mulitple GPU applications at the same time.
With this patch, Sculpt is able to host at least 3 Mesa applications.
Issue #4263
Issue #4281
This new version of the system_clock pkg does no longer depend on the
presence of an external 'Rtc' service as previously provided by the
Sculpt base system. Instead, it hosts the rtc_drv inside the subsystem.
Because rtc_drv is board-dependent, the system_clock pkg is named
system_clock-pc now.
Issue #4281
Some guests don't handle remote wake up correctly causing devices to
stop functioning. Therefore, we disable the remote wake up bit (5) in
`bmAttributes` of the device configuration descriptor.
Thanks to Peter for the initial fix.
Fixes#4278
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.
Issue #4274
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.
genodelabs/genode#4267
Warning!
The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!
The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.
Fixes#4032
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.
Ref #4032
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.
Ref #4032
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.
Ref #4032
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.
Ref #4032
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key
Ref #4032.
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.
Ref #4032
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.
Ref #4032
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.
Ref #4032
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.
Ref #4032
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".
Ref #4032
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.
Ref #4032
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.
Ref #4032
Despite being readable, the files control/extend and control/rekey proclaimed
that they were not when asked. This caused the fs_query tool to not report the
content of the files although it could have.
Ref #4032
Stat calls on the control/extend and control/rekey files returned a bogus file
size that led to an error in the VFS File_content tool. The tool complained
that the size of the file determined while reading the content differs from the
one reported by the stat operation. Now, the stat call will always determine
the actual size of what would be read. However, it isn't guaranteed that this
size doesn't change in the time after the stat operation and before the read
operation.
Ref #4032
The service is loaded dynamically VBoxSharedClipboard.so at runtime. The
VFS configuration mounts the shared object at /VBoxSharedClipboard.so as
the file is checked by contrib code before loading. An init
configuration in pkg/vbox6/runtime illustrates this and how to re-label
the VBoxSharedClipboard.so ROM to its real name
virtualbox6-sharedclipboard.lib.so.
During Windows 10 boot with sequential block requests, the AHCI request
worker finished earlier than the EMT thread signals hEvtProcess and
begins waiting for hEvtProcessAck indefinitely. The timeouts helps to
survive this short phase.
A better solution would use conditional variables, which are not
provided in VirtualBox's runtime.
This patch introduces a C API to be used by input drivers to generate
Genode events. The initial version is limited to multitouch events only.
Fixes#4273
* Use the architecture-dependent minimal alignment for all allocations,
e.g. on ARM it is necessary to have cacheline aligned allocations for DMA
* Remove the allocation functions without alignment from generic API
* Fix a warning
Fix#4268
After a DMA transaction do only invalidate cachelines from the
corresponding DMA buffers if data got transfered from device to
CPU, and not vice versa. Otherwise it might result in data corruption.
Ref #4268