Commit Graph

10713 Commits

Author SHA1 Message Date
Sebastian Sumpf
c79cdc7b39 gpu/intel: use managed dataspace for aperture mappings
Use 'Region_map_client' for aperture mappings through the GGTT instead
of 'Io_mem_connections'.

issue #4284
2021-10-14 11:02:14 +02:00
Norman Feske
440debfc39 depot_query: filter index by CPU architecture
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.

Fixes #4295
2021-10-14 11:02:14 +02:00
Norman Feske
28a71f4a73 cpu_balancer.run: adjust caps for sel4/x86_64 2021-10-14 11:02:14 +02:00
Christian Helmuth
4fd2c9c618 libuvc: exclude .git directory from src archive 2021-10-14 11:02:13 +02:00
Norman Feske
96997ead62 sculpt: fix warning during prepare step
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:

  [init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0

Issue #4281
2021-10-14 11:02:13 +02:00
Norman Feske
a12168e1bb pkg/mesa_gears: display frames per second 2021-10-14 11:02:13 +02:00
Sebastian Sumpf
d1461f6a72 vbox6: machine power-down support
Use 'StateChange' event to check for machine's 'PowerOff' state, close
Gui connections and submit exit signal to EP which in turns calls exit.

Fixes #4291
2021-10-14 11:02:13 +02:00
Christian Helmuth
c7abc9f983 vbox6: add pkg with webcam capture support
Issue #4281
Issue #4287
2021-10-14 11:02:13 +02:00
Christian Helmuth
d078f7db76 qemu-usb: adapt to webcam capture on/off changes
Issue #4287
2021-10-14 11:02:13 +02:00
Norman Feske
6f1d3862cd base: introduce Env::try_session
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.

By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.

Issue #3767
2021-10-14 11:02:12 +02:00
Christian Prochaska
d5d7915b4d audio_in: fix compile errors when strict warnings are enabled
Fixes #4290
2021-10-14 11:02:11 +02:00
Christian Prochaska
b337ee2f2b vfs_oss: fix output fragment limit calculations
Fixes #4289
2021-10-14 11:02:11 +02:00
Johannes Schlatow
ef8a43c546 base-hw: cache maintenance
touch each page before flushing to ensure that it's present in the page table

genodelabs/genode#4279
2021-10-14 11:02:10 +02:00
Sebastian Sumpf
350353885e vbox6: add shared folder support
builds virtualbox6-sharedfolders.lib.so from unmodified VirtualBox6
sources.

fixes #4288
2021-10-14 11:02:10 +02:00
Norman Feske
eb80d6ce66 usb_webcam: on/off dependent on capture client
This commit removes the report service from the usb_webcam pkg, which
was used to enable or disable the webcam driver. The on/off state is
instead controlled by the presence of a capture client. That is, once a
capture client appears, the webcam driver is started. Vice versa, once
no capture client exists, the webcam driver is removed automatically.

Internally, the detection of presence of a capture client is based on
nitpicker's 'displays' report, which is consumed as input of the
rom_filter, which in turn generates the configuration of a dynamic sub
init.

Fixes #4287
2021-10-14 11:02:10 +02:00
Norman Feske
bc5a7eb495 rom_filter: support default input values
Fixes #4286
2021-10-14 11:02:10 +02:00
Stefan Kalkowski
cb67d07e61 lx_emul: be compliant to original softirq impl.
Ref #4268
2021-10-14 11:02:10 +02:00
Christian Helmuth
96ebed6c31 vbox6: use configuration from machine.vbox6
There are some subtle incompatibilities in VirtualBox 6 with settings we
used in version 5. Therefore, the vbox6 package uses machine.vbox6 as
configuration file. An example configuration is provided by the
raw/vbox6 package.

Issue #4281
2021-10-14 11:02:10 +02:00
Josef Söntgen
6093f8ad81 gpu/intel: deal with insufficient amount of CAPS
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.

This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.

Fixes #4284.
2021-10-14 11:02:09 +02:00
Josef Söntgen
f6d845e630 gpu: reflect CAP shortage during buffer management
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.

On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.

Issue #4284.
2021-10-14 11:02:09 +02:00
Josef Söntgen
27e55dab3e platform_drv: check quota before allocating buffer
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.

Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.

This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.

Issue #4284.
2021-10-14 11:02:09 +02:00
Norman Feske
05b451c563 pkg/mesa_gpu: use cached_fs_rom
By using the cached_fs_rom instead of fs_rom, each client obtains the
same (read-only) copy of the shared library, avoiding a RAM resource
request when running mulitple GPU applications at the same time.
With this patch, Sculpt is able to host at least 3 Mesa applications.

Issue #4263
Issue #4281
2021-10-14 11:02:09 +02:00
Sebastian Sumpf
2604c3cca6 vbox6: add mouse pointer shape support
Implement 'MousePointerShapeChanged' event, retrieve parameters from
COM pointer, and update shape report.

fixes #4283
2021-10-14 11:02:09 +02:00
Norman Feske
8ebc185caf depot: merge rtc_drv into system_clock runtime pkg
This new version of the system_clock pkg does no longer depend on the
presence of an external 'Rtc' service as previously provided by the
Sculpt base system. Instead, it hosts the rtc_drv inside the subsystem.
Because rtc_drv is board-dependent, the system_clock pkg is named
system_clock-pc now.

Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
6e32102cc6 depot: add recall_fs runtime pkg
Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
42541fcc92 sculpt: limit depot selection
This patch reduces the items of the default depot-selection menu to
users that actively maintain a Sculpt index.

Issue #4281
2021-10-14 11:02:08 +02:00
Norman Feske
7cae324726 sculpt: remove RTC driver from base system
The RTC driver is not needed by the base system and can thereby be
handled as a user-installable component.

Issue #4281
2021-10-13 14:50:46 +02:00
Sebastian Sumpf
1072a91592 qemu-usb: disable remote wake up in config descriptors
Some guests don't handle remote wake up correctly causing devices to
stop functioning. Therefore, we disable the remote wake up bit (5) in
`bmAttributes` of the device configuration descriptor.

Thanks to Peter for the initial fix.

Fixes #4278
2021-10-13 14:50:46 +02:00
Christian Helmuth
07bb3fc1ec Initial update of init-state ROM in init_loop test
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.

Issue #4274
2021-10-13 14:50:46 +02:00
Johannes Schlatow
93583cce3b sequence: immediately stop child on exit
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.

genodelabs/genode#4267
2021-10-13 14:50:46 +02:00
Josef Söntgen
e6bd9fd7da libc: implement SNDCTL_DSP_GETFMTS ioctl
This I/O control is used to query the audio format, e.g. AFMT_S16_LE
in our case.

Fixes #4276.
2021-10-13 14:50:46 +02:00
Martin Stein
870c5c7a81 file_vault: GUI control for encrypted virtual FS's
Warning!

The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!

The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.

Fixes #4032
2021-10-13 14:50:46 +02:00
Martin Stein
3e375e4315 cbe tools: log less by default
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
8dfa586462 vfs/cbe_trust_anchor: fix bug in key decrypt
The plugin used the ciphertext instead of the plaintext buffer for key
decryption which led to bogus ciphertext keys.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a661aa79de vfs/cbe_trust_anchor: AES-key-wrap private key
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
94701eec09 vfs/cbe_trust_anchor: rename secured_superblock
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a28ca44101 vfs/cbe_trust_anchor: rename keyfile
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
641a738e3d vfs/cbe_trust_anchor: encrypt symmetric keys
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key

Ref #4032.
2021-10-13 14:50:46 +02:00
Martin Stein
f41dec67e1 vfs/cbe_trust_anchor: use secure private key
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
75a55b62a3 vfs/cbe_trust_anchor: use hash of passphrase
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
989b7f39e1 vfs/cbe_trust_anchor: use secure symmetric keys
Use the jitterentropy vfs plugin for the generation of new symmetric block
encryption keys in the cbe trust anchor vfs plugin.

Ref #4032
2021-10-13 14:50:46 +02:00
Martin Stein
a2d2b874ec vfs/cbe_trust_anchor: sync keyfile-handle close
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.

Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
42490208c2 vfs/cbe_trust_anchor: fix unlocking
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
95639a7492 vfs/cbe_trust_anchor: close handles correctly
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
df7de17435 vfs/cbe_trust_anchor: sync hashfile-handle close
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.

Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
1b4a80ffae vfs/cbe: control/deinitialize file
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
88e6991083 vfs/cbe: fix ID argument on discard_snap
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
9b953e79ba vfs/cbe: support watching the snapshots fs
The snapshots file system couldn't be watched. But it's of interest to watch
for appearing and disappearing snapshots.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
4c1eae97cf vfs/cbe: fix result of SnapshotsFS.num_dirent("/")
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.

Ref #4032
2021-10-13 14:50:45 +02:00
Martin Stein
f051bfa90d vfs/cbe: support watching "rekey" file
The control/rekey file couldn't be watched although it was meant to be used
to watch the current state of the rekey operation.

Ref #4032
2021-10-13 14:50:45 +02:00