Commit Graph

7628 Commits

Author SHA1 Message Date
Norman Feske
4cfd954e1e Remove dependency from 'which' utility
Debian declared the 'which' utility as deprecated.

Fixes #4319
2021-11-29 15:10:52 +01:00
Norman Feske
293d545b97 sandbox: use Genode::update_list_model_from_xml
This patch replaces the former local implementation by the function
provided in 'util/list_model.h'.

Issue #4317
2021-11-29 15:10:52 +01:00
Norman Feske
4df7e6adde util/list_model.h: Add update_list_model_from_xml
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.

Issue #4317
2021-11-29 15:10:52 +01:00
Norman Feske
449f647e58 dde_linux: lx_emul interface for GPIO pin access
This patch introduces the lx_emul/pin.h interface that enables GPIO stub
drivers to interact with Genode's Pin_control and IRQ sessions via a
simple C API.

Fixes #4316
2021-11-29 15:10:52 +01:00
Norman Feske
f2a627c107 os: Pin_control and Pin_state session interfaces
The new interfaces are meant to gradually replace the existing
Gpio_session interface.

- Each session refers to a single pin.
- The session types distiguish the direction of the signal as input or
  output.
- Pin coordinates can be selected via session labels.
- GPIO interrupts are covered by the regular IRQ session interface.

The interfaces are accompanied by framework utilities and interfaces:

- os/pin_driver.h
- pin_control_session/component.h
- pin_state_session/component.h

These headers relieve GPIO drivers from implementing boilerplate code by
providing device-agnostic portions. The A64 pio driver serves as
reference for using those utilities.

  https://github.com/nfeske/genode-allwinner/tree/master/src/drivers/pin/a64

Fixes #4315
2021-11-29 15:10:52 +01:00
Johannes Schlatow
2ecb09ba7e tool/run: move nic model to qemu_args file
Always instantiating a network device with id `net0`, removes the need to call
append_qemu_nic_args in run scripts unless we want to add forwarding
rules.

genodelabs/genode#4311
2021-11-29 15:10:52 +01:00
Johannes Schlatow
522a1cdc5b tool/run: read board-specific qemu args from file
Allow specifying additional qemu arguments for externally supported boards
(e.g. zynq_qemu) by adding a `qemu_args` file in the board-property directory.

The syntax of the qemu_args file is as follows:
- Arguments can appear in a single line or in multiple lines as the
  lines will be appended (separated by a whitespace) to the global
  qemu_args variable.
- If the line is prepended with a `foobar:` expression. The arguments
  are only added if the foobar spec is present.

Note, that a `-m` argument specified in the qemu_args file will
override the arguments provided by the run scripts.

genodelabs/genode#4311
2021-11-29 15:10:52 +01:00
Johannes Schlatow
c0c2ed2bf5 tool/run: make qemu RAM sanity check more robust
First, the former implementation has only considered the pure numerical
variant of the -m argument. Yet, qemu also allows specifying the amount
of memory by `-m 1G`, `-m size=1G` and more.

Second, the default amount of memory for BOARD=pc was 512M (800M in case of okl4).
Since the depot_autopilot.run also required at least 768M on all
platforms it seems reasonable to take 800M as a default value for BOARD=pc and
thereby remove the special treatment of okl4.

genodelabs/genode#4311
2021-11-29 15:10:52 +01:00
Alexander Boettcher
c774272366 vbox5/6: set ia32_tsc_aux for rdtscp usage
Fixes #4314
2021-11-29 15:10:52 +01:00
Alexander Boettcher
533015b93e nova: support transfer of IA32_TSC_AUX MSR for vCPUs
The 32-bit MSR is returned by rdtscp in ecx register and used to detect
the CPU ID the timestamp was taken on.

Issue #4314
2021-11-29 15:10:52 +01:00
Alexander Boettcher
f4e52863c0 vbox6: exit on rdtsc and rdtscp (intel)
Otherwise Windows 10 shows 50 Ghz frequency in task manager and other
strange things may happen.

Issue #1769
Issue #4314
Fixes #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
7a06633173 nova: FPU handling for vCPUs in VM session
- request FPU state on VM exit in portal config

- transfer FPU state on VM entry

- save fpu state early

  Avoid any FPU instructions (for example during base API calls), which
  use the FPU and overwrite FPU registers holding the guest vCPU FPU
  state.

- don't save fpu state of EP

Issue #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
1a79bf2be2 vbox6: avoid race for NEM state checking
The commit avoids the race between checking for the NEM state and the decision
to notify (poke) the NEM backend (nem.cc).

- ever notify about POKE flag for remote vCPU
- check synchronized for NEM state
- store recheck flag and apply on next switch_to_hw

Issue #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
3701733c8f vbox6: add POKE calls in TM for remote vCPUs
and return to VMM if TM_TIMER flag is set

Issue #4313
2021-11-29 15:10:52 +01:00
Christian Helmuth
5a21431c31 vbox6: check for pending IRQs in sup_vcpu
Issue #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
00eadf9791 vbox6: adjust TPR handling according to HMVMXR0
Issue #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
33bf926b50 vbox6: add SIPI patch improving vCPU startup
Issue #4313
2021-11-29 15:10:52 +01:00
Alexander Boettcher
4798ffd055 vbox6: initialize more vcpu state in sup_vm.cc
Issue #4313
2021-11-29 15:10:51 +01:00
Christian Helmuth
228d1c27b7 vbox6: fix npt_ept fault calculation
Issue #4313
2021-11-29 15:10:51 +01:00
Alexander Boettcher
68878ca98a vbox6: implement SUPSemEventMulti*() functions
Issue #4313
2021-11-29 15:10:51 +01:00
Alexander Boettcher
28db5cadee vbox5: generic - discharge by default
intr_state and actv_state are now charged only if required and with
valid values.

Issue #4313
2021-11-29 15:10:51 +01:00
Alexander Boettcher
8d5903cba9 vbox6: avoid unintended state transfer on hw enter
intr_state and actv_state are now charged only if required and with
valid values.

Issue #4313
2021-11-29 15:10:51 +01:00
Alexander Boettcher
74a8a801e4 nova: report vCPU prio & quantum in trace conn
Issue #4313
2021-11-29 15:10:51 +01:00
Stefan Kalkowski
b12b0ed93d imx8q_evk: remove board support from repository
Moved to separate repo at https://github.com/skalk/genode-imx/

Fix #4301
2021-11-29 15:10:51 +01:00
Johannes Schlatow
7917c5d9ec Remove zynq_qemu platform and zynq nic driver
Moved to separate repo at https://github.com/jschlatow/genode-zynq

Fixes genodelabs/genode#4280
2021-11-29 15:10:51 +01:00
Josef Söntgen
6ecae6adb3 qemu-usb: increase USB2/3 root ports to 8 each
In the default setting the number of root ports is set to 4. This
also limits the number of USB host devices that may be attached to
the VM. Since the USB webcam shares the slots, that leaves us with
only 3 available USB2 slots to attach USB host devices. Depending on
the use-case that might not be enough.

This commit statically increases the number of ports to 8 each and
adapts the qemu-usb glue-code accordingly.

Many thanks to Raphael for initial investigation and workaround.

Fixes #4310.
2021-11-29 15:10:51 +01:00
Stefan Kalkowski
6d991313b1 nvme_drv: get I/O resources from platform API only
Do not use the I/O memory service from core directly,
but instead use the I/O resources the platform session
provides to the driver anyway.

Fix #4309
2021-11-29 15:10:51 +01:00
Stefan Kalkowski
43ef9b5a3a platform_drv: do not account IOMEM as ram quota
Accidentally, the size of IOMEM dataspace got accounted within the
implementation of the platform driver for ARM. Instead we should
only account a bit for the metadata and paging of the I/O memory.

Fix #4307
2021-11-29 15:10:51 +01:00
Johannes Schlatow
87bb81cd66 nic: add _custom_conn_tx_ack_avail_handler()
The custom ack avail handler is required for zero-copy nic drivers (e.g.
the zynq nic driver), which must release the corresponding DMA buffers.

Fixes genodelabs/genode#4277
2021-11-29 15:10:51 +01:00
Tomasz Gajewski
332cfb38c1 usb_host: fix MMU fault on rpi2 and rpi3 2021-11-29 15:10:51 +01:00
Norman Feske
275479867d window_layouter: handle decorator margins at start
This patch adds a missing call of '_handle_decorator_margins' at
construction time. Up to commit "report_rom: versioning and explicit
notification" this problem was masked by an unconditional signal, which
implicitely triggered the call.

Issue #4274
Fixes #4306
2021-11-29 15:10:51 +01:00
Piotr Tworek
4f1e9fd256 os: Use VirtIO input drivers for virt_qemu.
This makes Genode's interactive test scenarios run on virt_qemu board
actually interactive.

Issue #4282
2021-11-29 15:10:51 +01:00
Piotr Tworek
60f1a1a554 os: Add VirtIO input driver.
This component can service Qemu VirtIO mouse, keyboard and tablet
devices. The implementation is based on VirtIO 1.1 device spec. Its
described in section 5.8 "Input Device".

Issue #4282
2021-11-29 15:10:51 +01:00
Tomasz Gajewski
ecb1a6187c ssh_terminal: moved to genode world
Fixes #4258
2021-11-29 15:10:50 +01:00
Piotr Tworek
a10903a197 libm: fix undefined __isinff / __isinfl symbol references
Those symbols are not satisfied by any code or dependency of libm. As
result calling cprojf function will always crash on Genode. This crash
can be turned into link time error by adding --no-undefined to LD_OPT.

This patch provides the missing symbols by including isninf.c in libm
build.

Fixes #4299
2021-11-29 15:10:50 +01:00
Piotr Tworek
c38c2a6455 cxx: missing operator delete with align_val_t arg
When rebasing my local branch on top of sculpt-21.10 tag I've noticed
two problems.

The code in new_delete.cc does not include new header file. This works
fine with GCC, but fails with clang because std::align_val_t type is
not defined anywhere according to clang. It looks like GCC pulls this
header indirectly somehow.

The second problem can be seen if one disallows undefined symbols in
executables and shared_libraries. This can be seen with both GCC and
clang by adding --no-undefined to LD_OPT. With such change in place core
fails to link due to:

ld.lld: error: undefined symbol: operator delete(void*, std::align_val_t)
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(non-virtual thunk to Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> did you mean: operator delete(void*, unsigned long, std::align_val_t)
>>> defined in: debug/core-hw-virt_qemu.a(supc++.o)

If the code would somehow manage call such undefined symbol it'd crash.
Since I generally prefer link time failures to runtime crashes I link
all genode binaries with --no-undefined.

To fix this problem just add a dummy implementation of missing delete
operator.

Fixes #4298
2021-11-29 15:10:50 +01:00
Piotr Tworek
e748efacd8 reconstructible: Fix alignas specifier placement.
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:

reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
    char _space[sizeof(MT)] alignas(sizeof(addr_t));
                            ^
Issue #4298
2021-10-15 15:45:52 +02:00
Christian Helmuth
42ff902576 vbox6: settings version 1.18-genode in machine.vbox6
At least the audio backend depends on the correct .vbox settings version
for VirtualBox 6.1 which is 1.18 as of VirtualBox.xidl.
2021-10-15 12:17:05 +02:00
Christian Helmuth
abc9a2f232 depot: update recipe hashes 2021-10-14 13:46:25 +02:00
Norman Feske
0a35e02961 sculpt: documentation update
Issue #4281
2021-10-14 13:22:18 +02:00
Christian Helmuth
98ffa60577 Increase cap quota for system-shell terminal 2021-10-14 11:48:23 +02:00
Josef Söntgen
9980718c92 libyuv: build unoptimized on ARMv8 2021-10-14 11:46:42 +02:00
Josef Söntgen
2e0d9c8521 libdrm: short-cut tiling in iris back end
Apparently the iris driver does not make use of tiling by the kernel, so
we shortcut the 'SET_TILING' call to keep iris happy with this quickfix.

However, tiling information may get lost, if the iris driver ever calls
'MMAP_GTT' and no fence is configured for the buffer. A follow-up commit
should address this shortcoming in the future.

Issue #4284
2021-10-14 11:40:39 +02:00
Norman Feske
31567c8e46 sculpt: curate default index / installation
- CPU-architecture annotations
- Change order of top-level menu, moving Mesa driver to the end
- Add black_hole, recall_fs, file_fault
- Add usb_webcam, test-capture
- Add audio driver and mixer
- Add vbox6, keeping vbox5-nova-sculpt as fallback
- Remove recall_fs launcher, which is obsolete with the recall_fs pkg
- Replace system_clock by system_clock-pc pkg

Issue #4281
2021-10-14 11:02:18 +02:00
Norman Feske
006e807103 sculpt: version 21.10 2021-10-14 11:02:18 +02:00
Norman Feske
4dac2fd008 sculpt: increase RAM of leitzentrale nitpicker
This follow-up commit to "sculpt: avoid flickering of leitzentrale"
allows nitpicker to double-buffer pixels during resize operation on a
screen size of 1920x1200.
2021-10-14 11:02:17 +02:00
Norman Feske
68e8d1fd21 cached_fs_rom: remove diagnostic message
The message "defer transfer..." spams the log on Sculpt OS.

Issue #4281
2021-10-14 11:02:17 +02:00
Norman Feske
6a89f8b19e wm: fix key_cnt consistency glitch
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.

Issue #4176
2021-10-14 11:02:17 +02:00
Norman Feske
ee463b21ae nitpicker: fix interplay of hover with dragging
This patch extends the notion of having only one uniquely hovered client
in the presence of held keys.

If motion occurs once a key is pressed (e.g., while dragging), the
receiver of the key sequence observes the motion events. In this case,
we have to submit an artificial leave event to the originally hovered
client so that no more than one client observes itself as being hovered
at the same time. Once the key sequence is finished, the hovering is
updated again, eventually presenting a motion event to the originally
hovered client and a leave event to the receiver of the key sequence.

Issue #4176
2021-10-14 11:02:17 +02:00
Norman Feske
1088035f8e wm: defer pointer report update
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.

Issue #4176
2021-10-14 11:02:17 +02:00
Christian Helmuth
b2ff2a2950 vbox6: configure OSS plugin only once (as /dev/dsp) 2021-10-14 11:02:16 +02:00
Stefan Kalkowski
c976a1d7e0 dde_linux: iterate over device names not types
To clearly identify the correct device use the unique device's name
not the type. Otherwise a driver cannot drive several devices of the
same type.

Fix #4297
2021-10-14 11:02:15 +02:00
Stefan Kalkowski
98400a68c9 os: extend ARM Platform::Device constructor
Enable construction by explicitely naming a specific device,
if more than one device of the same type exist.

Ref #4297
2021-10-14 11:02:15 +02:00
Josef Söntgen
8679f32d0b dde_linux: backport update event ring for usb_host
This commit contains a backport of commit [1] that deals with updating
the event ring dequeue pointer more often to prevent unnecessary
'Event Ring Full' errors.

  [1] 'usb: host: xhci: update event ring dequeue pointer on purpose'
      (dc0ffbea5729a3abafa577ebfce87f18b79e294b)

Fixes #4296.
2021-10-14 11:02:15 +02:00
Stefan Kalkowski
1d1379430a genode_c_api: safeguard session-policy parsing
Fix #4294
2021-10-14 11:02:15 +02:00
Stefan Kalkowski
b7a379546e genode_c_api: delay USB service announcement
Ref #4294
2021-10-14 11:02:14 +02:00
Stefan Kalkowski
873eb687b0 genode_c_api: reduce USB session ram requirements
Ref #4294
2021-10-14 11:02:14 +02:00
Stefan Kalkowski
1508fdc276 usb_block_drv: handle USB state at startup
Fix #4293
2021-10-14 11:02:14 +02:00
Sebastian Sumpf
c79cdc7b39 gpu/intel: use managed dataspace for aperture mappings
Use 'Region_map_client' for aperture mappings through the GGTT instead
of 'Io_mem_connections'.

issue #4284
2021-10-14 11:02:14 +02:00
Norman Feske
440debfc39 depot_query: filter index by CPU architecture
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.

Fixes #4295
2021-10-14 11:02:14 +02:00
Norman Feske
28a71f4a73 cpu_balancer.run: adjust caps for sel4/x86_64 2021-10-14 11:02:14 +02:00
Christian Helmuth
4fd2c9c618 libuvc: exclude .git directory from src archive 2021-10-14 11:02:13 +02:00
Norman Feske
96997ead62 sculpt: fix warning during prepare step
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:

  [init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0

Issue #4281
2021-10-14 11:02:13 +02:00
Norman Feske
a12168e1bb pkg/mesa_gears: display frames per second 2021-10-14 11:02:13 +02:00
Sebastian Sumpf
d1461f6a72 vbox6: machine power-down support
Use 'StateChange' event to check for machine's 'PowerOff' state, close
Gui connections and submit exit signal to EP which in turns calls exit.

Fixes #4291
2021-10-14 11:02:13 +02:00
Christian Helmuth
c7abc9f983 vbox6: add pkg with webcam capture support
Issue #4281
Issue #4287
2021-10-14 11:02:13 +02:00
Christian Helmuth
d078f7db76 qemu-usb: adapt to webcam capture on/off changes
Issue #4287
2021-10-14 11:02:13 +02:00
Norman Feske
6f1d3862cd base: introduce Env::try_session
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.

By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.

Issue #3767
2021-10-14 11:02:12 +02:00
Christian Prochaska
d5d7915b4d audio_in: fix compile errors when strict warnings are enabled
Fixes #4290
2021-10-14 11:02:11 +02:00
Christian Prochaska
b337ee2f2b vfs_oss: fix output fragment limit calculations
Fixes #4289
2021-10-14 11:02:11 +02:00
Johannes Schlatow
ef8a43c546 base-hw: cache maintenance
touch each page before flushing to ensure that it's present in the page table

genodelabs/genode#4279
2021-10-14 11:02:10 +02:00
Sebastian Sumpf
350353885e vbox6: add shared folder support
builds virtualbox6-sharedfolders.lib.so from unmodified VirtualBox6
sources.

fixes #4288
2021-10-14 11:02:10 +02:00
Norman Feske
eb80d6ce66 usb_webcam: on/off dependent on capture client
This commit removes the report service from the usb_webcam pkg, which
was used to enable or disable the webcam driver. The on/off state is
instead controlled by the presence of a capture client. That is, once a
capture client appears, the webcam driver is started. Vice versa, once
no capture client exists, the webcam driver is removed automatically.

Internally, the detection of presence of a capture client is based on
nitpicker's 'displays' report, which is consumed as input of the
rom_filter, which in turn generates the configuration of a dynamic sub
init.

Fixes #4287
2021-10-14 11:02:10 +02:00
Norman Feske
bc5a7eb495 rom_filter: support default input values
Fixes #4286
2021-10-14 11:02:10 +02:00
Stefan Kalkowski
cb67d07e61 lx_emul: be compliant to original softirq impl.
Ref #4268
2021-10-14 11:02:10 +02:00
Christian Helmuth
96ebed6c31 vbox6: use configuration from machine.vbox6
There are some subtle incompatibilities in VirtualBox 6 with settings we
used in version 5. Therefore, the vbox6 package uses machine.vbox6 as
configuration file. An example configuration is provided by the
raw/vbox6 package.

Issue #4281
2021-10-14 11:02:10 +02:00
Josef Söntgen
6093f8ad81 gpu/intel: deal with insufficient amount of CAPS
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.

This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.

Fixes #4284.
2021-10-14 11:02:09 +02:00
Josef Söntgen
f6d845e630 gpu: reflect CAP shortage during buffer management
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.

On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.

Issue #4284.
2021-10-14 11:02:09 +02:00
Josef Söntgen
27e55dab3e platform_drv: check quota before allocating buffer
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.

Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.

This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.

Issue #4284.
2021-10-14 11:02:09 +02:00
Norman Feske
05b451c563 pkg/mesa_gpu: use cached_fs_rom
By using the cached_fs_rom instead of fs_rom, each client obtains the
same (read-only) copy of the shared library, avoiding a RAM resource
request when running mulitple GPU applications at the same time.
With this patch, Sculpt is able to host at least 3 Mesa applications.

Issue #4263
Issue #4281
2021-10-14 11:02:09 +02:00
Sebastian Sumpf
2604c3cca6 vbox6: add mouse pointer shape support
Implement 'MousePointerShapeChanged' event, retrieve parameters from
COM pointer, and update shape report.

fixes #4283
2021-10-14 11:02:09 +02:00
Norman Feske
8ebc185caf depot: merge rtc_drv into system_clock runtime pkg
This new version of the system_clock pkg does no longer depend on the
presence of an external 'Rtc' service as previously provided by the
Sculpt base system. Instead, it hosts the rtc_drv inside the subsystem.
Because rtc_drv is board-dependent, the system_clock pkg is named
system_clock-pc now.

Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
6e32102cc6 depot: add recall_fs runtime pkg
Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
42541fcc92 sculpt: limit depot selection
This patch reduces the items of the default depot-selection menu to
users that actively maintain a Sculpt index.

Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
7cae324726 sculpt: remove RTC driver from base system
The RTC driver is not needed by the base system and can thereby be
handled as a user-installable component.

Issue #4281
2021-10-13 14:50:46 +02:00
Sebastian Sumpf
1072a91592 qemu-usb: disable remote wake up in config descriptors
Some guests don't handle remote wake up correctly causing devices to
stop functioning. Therefore, we disable the remote wake up bit (5) in
`bmAttributes` of the device configuration descriptor.

Thanks to Peter for the initial fix.

Fixes #4278
2021-10-13 14:50:46 +02:00
Christian Helmuth
07bb3fc1ec Initial update of init-state ROM in init_loop test
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.

Issue #4274
2021-10-13 14:50:46 +02:00
Johannes Schlatow
93583cce3b sequence: immediately stop child on exit
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.

genodelabs/genode#4267
2021-10-13 14:50:46 +02:00
Josef Söntgen
e6bd9fd7da libc: implement SNDCTL_DSP_GETFMTS ioctl
This I/O control is used to query the audio format, e.g. AFMT_S16_LE
in our case.

Fixes #4276.
2021-10-13 14:50:46 +02:00
Martin Stein
870c5c7a81 file_vault: GUI control for encrypted virtual FS's
Warning!

The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!

The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.

Fixes #4032
2021-10-13 14:50:46 +02:00
Martin Stein
3e375e4315 cbe tools: log less by default
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
8dfa586462 vfs/cbe_trust_anchor: fix bug in key decrypt
The plugin used the ciphertext instead of the plaintext buffer for key
decryption which led to bogus ciphertext keys.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a661aa79de vfs/cbe_trust_anchor: AES-key-wrap private key
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
94701eec09 vfs/cbe_trust_anchor: rename secured_superblock
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a28ca44101 vfs/cbe_trust_anchor: rename keyfile
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
641a738e3d vfs/cbe_trust_anchor: encrypt symmetric keys
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key

Ref #4032.
2021-10-13 14:50:46 +02:00
Martin Stein
f41dec67e1 vfs/cbe_trust_anchor: use secure private key
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
75a55b62a3 vfs/cbe_trust_anchor: use hash of passphrase
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
989b7f39e1 vfs/cbe_trust_anchor: use secure symmetric keys
Use the jitterentropy vfs plugin for the generation of new symmetric block
encryption keys in the cbe trust anchor vfs plugin.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a2d2b874ec vfs/cbe_trust_anchor: sync keyfile-handle close
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.

Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
42490208c2 vfs/cbe_trust_anchor: fix unlocking
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
95639a7492 vfs/cbe_trust_anchor: close handles correctly
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
df7de17435 vfs/cbe_trust_anchor: sync hashfile-handle close
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.

Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
1b4a80ffae vfs/cbe: control/deinitialize file
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
88e6991083 vfs/cbe: fix ID argument on discard_snap
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
9b953e79ba vfs/cbe: support watching the snapshots fs
The snapshots file system couldn't be watched. But it's of interest to watch
for appearing and disappearing snapshots.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
4c1eae97cf vfs/cbe: fix result of SnapshotsFS.num_dirent("/")
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
f051bfa90d vfs/cbe: support watching "rekey" file
The control/rekey file couldn't be watched although it was meant to be used
to watch the current state of the rekey operation.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
4ed45dd303 vfs/cbe: support watching "extend" file
The control/extend file couldn't be watched although it was meant to be used
to watch the current state of the extend operation.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
2d0ac161cb vfs/cbe: mark extend/rekey fs readable
Despite being readable, the files control/extend and control/rekey proclaimed
that they were not when asked. This caused the fs_query tool to not report the
content of the files although it could have.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
34245376ba vfs/cbe: fix size of extend/rekey fs
Stat calls on the control/extend and control/rekey files returned a bogus file
size that led to an error in the VFS File_content tool. The tool complained
that the size of the file determined while reading the content differs from the
one reported by the stat operation. Now, the stat call will always determine
the actual size of what would be read.  However, it isn't guaranteed that this
size doesn't change in the time after the stat operation and before the read
operation.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
bd79f93657 cbe/types: invalid generation, generation string
Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
731df4b037 recipes/src/cbe: build also cbe_init_trust_anchor
Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
d3cc5c9cd2 gems/recipes: api/cbe
Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
ff656401b3 gems: update cbe port
This update fixes a bug when discarding snapshots.

Ref #4032
2021-10-13 14:50:45 +02:00
Christian Helmuth
46ee872b50 vbox6: shared clipboard service
The service is loaded dynamically VBoxSharedClipboard.so at runtime. The
VFS configuration mounts the shared object at /VBoxSharedClipboard.so as
the file is checked by contrib code before loading. An init
configuration in pkg/vbox6/runtime illustrates this and how to re-label
the VBoxSharedClipboard.so ROM to its real name
virtualbox6-sharedclipboard.lib.so.
2021-10-13 14:50:45 +02:00
Christian Helmuth
5aee693f70 vbox6: limit wait for ack to 15 ms in AHCI model
During Windows 10 boot with sequential block requests, the AHCI request
worker finished earlier than the EMT thread signals hEvtProcess and
begins waiting for hEvtProcessAck indefinitely. The timeouts helps to
survive this short phase.

A better solution would use conditional variables, which are not
provided in VirtualBox's runtime.
2021-10-13 14:50:45 +02:00
Josef Söntgen
f21cf3f8b1 mesa: name driver library appropriately
Rename the 'egl_drv' library and the various back ends to 'mesa_gpu_drv'
and 'mesa_gpu-<backend>'.

Fixes #4275.
2021-10-13 14:50:37 +02:00
Norman Feske
32c283d26f os: introduce C API for generating Genode events
This patch introduces a C API to be used by input drivers to generate
Genode events. The initial version is limited to multitouch events only.

Fixes #4273
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
f4cb5cc299 dde_linux: preserve Io_signal_handler for IRQs
Do not construct/destruct signal handlers for interrupts dynamically,
but only the Irq session to prevent a deadlock.

Fix #4272
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
6ae55d490b lx_emul: restrict allocations to minimal alignment
* Use the architecture-dependent minimal alignment for all allocations,
  e.g. on ARM it is necessary to have cacheline aligned allocations for DMA
* Remove the allocation functions without alignment from generic API
* Fix a warning

Fix #4268
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
2ac8620f44 lx_emul: invalidate cache for DMA-read only
After a DMA transaction do only invalidate cachelines from the
corresponding DMA buffers if data got transfered from device to
CPU, and not vice versa. Otherwise it might result in data corruption.

Ref #4268
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
d8c344f6b9 lx_emul: do not block kworkers unconditionally
Ref #4268
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
f8cf0442ed lx_emul: implement lookup of dma-addr to virt-addr
* Use the new Lx_kit::Map as lookup structure for virt-to-dma and vice versa,
  instead of a list-based registry

Ref #4268
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
9bc7ecb605 lx_emul: provide alignment for DMA allocations
Ref #4268
2021-10-13 14:46:54 +02:00
Christian Helmuth
4c4ce2f899 report_rom: versioning and explicit notification
The former implementation did not internally track ROM changes notified
vs. delivered to the client. We adapt the versioning implementation
implemented in dynamic_rom_session.h and enable explicit notification of
the current version.

The feature is used by the clipboard to notify permitted readers of the
clipboard ROM service on focus change via the newly created private
Rom::Module::_notify_permitted_readers() function.

Fixes #4274
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
4803937dd2 os: introduce C-API to provide USB service
Fix #4270
2021-10-13 14:46:54 +02:00
Stefan Kalkowski
6789b86871 base-hw: optimize cache maintainance for ARMv8
* Remove the data-synchronization barrier from the inner-loop
* Instead add a system-wide barrier at the end of the operation

Fix #4269
2021-10-13 14:46:54 +02:00
Martin Stein
9542bcf88c base-hw: reduce includes in board.h
The includes for the address-space-ID allocator and the translation table are
usually specific to the CPU in use. Therefore these includes can be moved from
their current location in the board header to the CPU headers. This reduces the
number of decisions a board maintainer has to make if the CPU model he's aiming
for is already available.

This can probably also be applied for other includes in the board headers but I
intentionally leave it for a future commit as I don't have the time to do it
all now.

Ref #4217
2021-10-13 14:46:54 +02:00
Martin Stein
ad059362d2 base-hw: reduce hardware-specific include paths
For base-hw Core, we used to add quite some hardware-specific include paths
to 'INC_DIR'. Generic code used to include, for instance, '<cpu.h>' and
'<translation_table.h>' using these implicit path resolutions. This commit
removes hardware-specific include paths except for

1) the '<board.h>' include paths (e.g., 'src/core/board/pbxa9'),
2) most architecture-specific include paths (e.g., 'src/core/spec/arm_v7'),
3) include paths that reflect usage of virtualization or ARM Trustzone
   (e.g., 'src/core/spec/arm/virtualization').

The first category is kept because, in contrast to the former "spec"-mechanism,
the board variable used for this type of resolution is not deprecated and the
board headers are meant to be the front end of hardware-specific headers
towards generic code which is why they must be available generically via
'<board.h>'.

The second category is kept because it was suggested by other maintainers that
simple arch-dependent headers (like for the declaration of a CPU state) should
not imply the inclusion of the whole '<board.h>' and because the architecture
is given also without the former "spec"-mechanism through the type of the build
directory. I think this is questionable but am fine with it.

The third category is kept because the whole way of saying whether
virtualization resp. ARM Trustzone is used is done in an out-dated manner and
changing it now would blow up this commit a lot and exceed the time that I'm
willing to spend. This category should be subject to a future issue.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
49b09702b8 base-hw: don't include board.h from hardw. headers
The 'src/core/board/<board>/board.h' header is thought as front end of
hardware-specific headers of a given board towards the generic base-hw Core
code. Therefore it leads to problems (circular includes) if the board.h header
is included from within another hardware-specific header.

If hardware-specific headers access declarations from namespace Board in a
definition, the definition should be moved to a compilation unit that may
include board.h. If hardware-specific headers access declarations from board.h
in a declaration, they should either use the primary declaration from the
original header or, if the declaration must be selected according to the board,
another board-specific header should be introduced to reflect this abstraction.

This is applied by this commit for the current state of base-hw.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
5d74509b2d base-hw: get rid of static perf counter object
It is not necessary to have a class, an object, and a generic header for the
perfomance counter. The kernel merely enables the counter using cpu registers
('msr' instructions, no MMIO) on arm_v6 and arm_v7 only. Therefore this commit
makes the header arm-specific and replaces class and global static object with
a function for enabling the counter.

Fixes #4217
2021-10-13 14:46:53 +02:00
Martin Stein
b817e1977c base-hw: serial output as Main member
Let the kernel's serial-output driver be a member of the one Kernel::Main
object instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
910788313e base-hw: get rid of static variable in Kernel::Pd
Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
02f00a999c base-hw: global IRQ controller as Main member
Let the kernel's driver for the global IRQ controller be a member of the one
Kernel::Main object instead of having it as static variables in the drivers for
the local IRQ controllers. Note that this commit spares out renaming 'Pic' to
'Local_interrupt_controller' which would be more sensible now with the new
'Global_interrupt_controller' class. Furthermore, on ARM boards the commit
doesn't move 'Distributer' stuff to the new global IRQ controller class as they
don't have real data members (only MMIO) and can be instanciated for each CPU
anew. However, the right way would be to instanciate them only once in Main as
well.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
441d137482 base-hw: Address-Space-ID allocator as Main member
Let the kernel's Address-Space-ID allocator be a member of the one
Kernel::Main object instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
0c61b25bcf base-hw: no unmanaged_singleton in kernel thread
The unmanaged-singleton approach was used in this context only because of the
alignment requirement of the Core main-UTCB. This, however can also be achieved
with the new 'Aligned' utility, allowing the UTCB to be a member of the Core
main-thread object.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
b6641eaa25 base-hw: Core PD as Main member
Let the Core protection-domain object be a member of the one Kernel::Main
object instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
d6e347163d base-hw: unnecessary unmanaged-singleton includes
Remove some deprecated include directives for the unmanaged-singleton header.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
5dd8ee5840 base-hw: global IRQ pool as Main member
Let the global kernel IRQ-pool be a member of the one Kernel::Main object
instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
c49db16762 base-hw: don't use boot_info() outside main.cc
It's sufficient to access the boot info only on kernel initialization time.
Therfore, it can remain completely hidden to the rest of the kernel inside
kernel/main.cc in the initialization function.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
b247def09a base-hw: Core main-thread as Main member
Let the Core main-thread object be a member of the one Kernel::Main object
instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
2b89cd66cb base-hw: kernel CPU-pool as Main member
Let the kernel CPU-pool be a member of the one Kernel::Main object instead of
having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
be3d5232c8 base-hw: kernel-data lock as Main member
Let the global kernel-data lock be a member of the one Kernel::Main object
instead of having it as global static variable.

Ref #4217
2021-10-13 14:46:53 +02:00
Martin Stein
82cf31ac27 base-hw: introduce Kernel::Main class
This commit introduces the Kernel::Main class that replaces the former way of
initializing the kernel (former 'kernel_init' function) and calling the C++
kernel entry handler (former 'kernel' function). These two are now
'Main::initialize_and_handle_kernel_entry' and 'Main::handle_kernel_entry'.
Also reading the execution time of the idle threads was already moved to
'Main'. The one static Main instance is meant to successivly replace all the
global static objects of the base-hw kernel with data members of the Main
instance making the data model of the kernel much more comprehensible. The
instance and most of its interface are hidden in kernel/main.cc. There are only
rare cases where parts of the Main interface must be accessible from the
outside. This should be done in the most specific way possible (see main.h)
and, if possible, without handing out references to Main data members or the
Main instance itself.

Ref #4217
2021-10-13 14:46:52 +02:00
Martin Stein
9de43a48b6 base-hw: conform pc board header
Normally, the board header can be found for each supported board under
'src/core/board/<BOARD>/board.h'. This was not the case for the board 'pc'
that was located under 'src/core/spec/x86_64/board.h'. The commit fixes this.

Ref #4217
2021-10-13 14:46:52 +02:00
Martin Stein
a9563bfd4c base-hw: rename Core_thread Core_main_thread
The class name Core_thread in Kernel for the object of the first thread of
core is too generic as there can be an arbitrary number of threads in core
besides this one. Furthermore, creating a core thread has its own syscall
'new_core_thread' that isn't related in any way to Core_thread. Therefore
this commit introduces the more specific name Core_main_thread as replacement
for Core_thread.

Ref #4217
2021-10-13 14:46:52 +02:00
Martin Stein
693a2b5421 base-hw: get rid of cpu_pool() in platform.cc
The function was only still used for reading the execution time of idle threads
of CPUs. Certainly, it is technically fine and more performant to read these
values directly from the kernel objects without doing a syscall. However,
calling cpu_pool() for it provides read and write access to a lot more than
only the execution time values. The interface via which Core directly reads
state of the kernel should be as narrow and specific as possible.
Perspectively, we want to get rid of the cpu_pool() accessor anyway. Therefore
this commit introduces Kernel::read_idle_thread_execution_time(cpu_idx) as
replacement. The function is implemented in kernel code and called by Core in
platform.cc.

Ref #4217
2021-10-13 14:46:52 +02:00
Martin Stein
277adcacb0 base-hw: make Trace_source in Platform() a class
Apparently, there is no need for exposing the data members of Trace_source, so,
we sould better make them private before someone gets the impression that they
are meant to be accessed directly.

Ref #4217
2021-10-13 14:46:52 +02:00
Martin Stein
aa6a7db50a base-hw: communicate kernel irqs via boot info
Core used to read the kernel-reserved IRQs from the timer objects in the
kernel's CPU objects and the PIC class (inter-processor IRQ). Besides not
being "good style" to access a kernel object in Core, this becomes a problem
when trying to prevent CPU pool from being accessed via global functions.

As a solution, this commit extends the boot info to also carry an array of all
kernel-reserved IRQs.

Ref #4217
2021-10-13 14:46:52 +02:00