This patch removes the notion of partial writes from the file-system
servers. Since write operations are asynchronously submitted, they are
expected to succeed completely, except for I/O errors. I/O errors are
propagated with the write acknowledgement but those are usually handled
out of band at the client side. Partial writes must never occur because
they would go undetected by clients, which usually don't wait for the
completion of each single write operation.
Until now, most file-system servers returned the number of written bytes
in the acknowledgement packet. If a server managed to write a part of
the request only, it issued the acknowledgement immediately where it
should have cared about writing the remaining part first.
The patch detects such misbehaving server-side code. If partial writes
unexpectedly occur, it prints a message and leaves the corresponding
request unacknowdleged.
Issue #2672
File_system clients may now watch files and directories for changes by
opening a 'Watch_handle' rather than submitting a 'CONTENT_CHANGED'
packet to the server. When a change happens at a node with an open
Watch_handle a CONTENT_CHANGED packet will be sent from the server to
the client. This serializes registration with other handle operations
and separates I/O handle state from notification handle state.
Test at run/fs_rom_update.
Ref #1934
Catch out of RAM and capability exceptions and return error values.
Abort opening a composite directory at Dir_file_system where an
opendir call on any child file-system returns an OUT_OF_RAM or
OUT_OF_CAPS error.
Ref #2642
This change enables the use of negative values for the 'initial_width'
and 'initial_height' attributes to specify values that are relative to
the screen size. This is consistent with the meaning of the 'width' and
'height' attributes.
This patch introduces the subnodes <provides>, <requires>, and
<content> to the <runtime> node. All <rom> sessions that are
expected from the depot appear within the <content> node, which
sets them nicely apart from <rom> sessions that may be required
as runtime arguments.
Note that the <requires> and <provides> nodes do not appear in the
patch because the existing depot_deploy tool does not interpret this
information (the pkg/test-fs_report runtime does not provide any
service, and the timer session is provided as a common route).
The new 'Terminal_session::size_changed_sigh' RPC function registers a
signal handler that is triggered each time when the terminal size
changes. It enables the client to adjust itself to the new size by
subsequently calling the 'size' RPC function. Of all terminal servers,
only the graphical terminal triggers this signal.
- handle line wraps in 'ech()'
- take (1,1) origin into account in 'hpa()' and 'vpa()'
- unify handling of SGR escape sequences of different lengths
- accept the '[?2004h' and '[?2004l' escape sequences (used by midnight commander)
Fixes#2671
The 'Expanding_reporter' wrapper for the 'Reporter' eliminates
the burden of handling 'Xml_generator::Buffer_exceeded' exceptions
from components that generate reports.
Fixes#2655
AVL trees can't be copied with the default copy constructor as the
parent pointer of the first item of both of the resulting trees would
point to the original tree. Copying an AVL node, however, generally
violates the integrity of the corresponding tree. The copy constructor
of Avl_tree is used in some places but in those places it can be
replaced easily. So, this commit deletes the copy constructor of
Avl_node_base which makes Avl_node and Avl_tree non-copyable.
Issue #2654
The 'trace_logger' component can be used to easily gather, process and export
different types of tracing data. Which subjects to select is configurable via
session label policies and thread names. Which data to collect from the
selected subjects can be configured for each subject individually, for groups
of subjects, or for all subjects. The gathered data can be exported as log
output.
This is an example configuration of the 'trace_logger' component which shows
the default value for each attribute except the policy.thread and
policy.label:
! <config verbose="no"
! session_ram="10M"
! session_arg_buffer="4K"
! session_parent_levels="0"
! period_sec="5"
! activity="no"
! affinity="no"
! default_policy="null"
! default_buffer="4K">
!
! <policy label="init -> timer" />
! <policy label_suffix=" -> ram_fs" />
! <policy label_prefix="init -> encryption -> "
! thread="worker"
! buffer="4K"
! policy="null" />
! </config>
For more details see os/src/app/trace_logger/README.
Fixes#2654
Building this policy was disabled by a REQUIRES = riscv_toolchain_bugfix
to prevent compiler crashes on nightly test builds. Since the latest
RISCV toolchain update, test builds for RISCV crash at much more places
which makes this single work-around senseless.
Issue #2654
The 'Buffered_xml' utility is used by three components and a fourth is
on the way. To avoid another duplication of the code, this patch makes
it publicly available at 'os/buffered_xml.h'.
This patch replaces the 'Heap' by a 'Sliced_heap' to avoid the
allocation of a 16 KiB memory block when 'dummy' acts as a server. On
seL4, such an allocation would exceed the 1M quota as assigned by the
init.run script.
The 'initial_width' and 'initial_height' attributes were added to
accomodate the use-case to set the initial dimensions whenever 'nit_fb'
is used in a dynamic fashion, e.g, in combination with a window manager.
These attributes may not be mixed with the 'width' and 'height'
attributes, which are mostly used when a static size configuration is
desired.
When a NIC session is destructed at the router, we have to remove all ARP
cache entries that match the MAC address of that session. Otherwise the
outdated entries might be re-applied later, leading to wrong destination
MAC addresses in routed packets.
Fixes#2637
By specifying the 'config' of a '<runtime>' as an attribute, we can
distinguish the case where the config is obtained from a ROM session
from the case where the config is specified inline as a '<config>' node.
This fix handles the case where the focused domain loses its focus
because the currently focused client vanishes. In this case, the focus
will be undefined and the non-focused views of the domain become
tinted again. The refresh should take effect immediately as soon as the
client vanishes.
With this patch, init responds to the exit of a child by closing all
sessions of the child. E.g., if a child is a GUI application, its
nitpicker session is closed at the time of exit, not at the time when
the start node disappears from init's configuration.
Since this change requires a modification of the 'Genode::Child' class,
it takes the chance to make the child-destruction less brutal. The
new version ensures that all threads of the destructed subsystem are
destructed before other sessions, in particular PD sessions. This
eliminates spurious page-fault warnings during the child destruction.
On Fiasco.OC, closing the CPU session of a thread while being called by
the thread causes a deadlock. Hence, we skip the eager destruction of
CPU sessions on this kernel.
Related to issue #2659
which executed in the current measurement period but are now dead.
Keep the Entry object up to next period, where the recent_execution_time will
become 0 since it will not execute definitely.
Issue #2638
Require x86_64 because memory/adress space limitations on x86_32
restrict the use-cases on such a platform anyway. Doing that,
we can also assume that memory adresses are always 64bit long and
do not have to handle 32bit adresses.
According to the creator of the net-stat lib, this lib was a mere debugging
tool that is not used anymore nor worth the work of updating the it to
modern Genode coding paradigms. Also, there exist no tests for the lib.
Instead of having a method validate_size in each packet class, check
sizes in the data accessor of the surrounding packet class. This packet
accessor is the one that casts the data pointer to the desired data type
so it is sensible that it also checks whether the desired type would
exceed the available RAM before doing the cast. This also fits nicely
the fact that for the top-level packet-class of a packet, the size must
not be checked (which was previously done).
Issue #465
This is a follow-up commit to "Increase default warning level", which
overrides Genode's new default warning level for targets contained in
higher-level repositories. By explicitly whitelisting all those targets,
we can selectively adjust them to the new strictness over time - by
looking out for 'CC_CXX_WARN_STRICT' in the target description files.
Issue #465
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465