Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.
Fix#2469
When building Genode on a Linux system running in a Xen Dom0, the 'xen'
run target can run a Genode scenario in a Xen DomU.
Usage: in build/x86_*/etc/build.conf, define:
RUN_OPT = --include boot_dir/$(KERNEL) --include image/iso --include power_on/xen --include log/xen --include power_off/xen
The Xen DomU runs in HVM mode and loads Genode from an ISO image. Serial
log output is printed to the console and graphical output is shown in an
SDL window.
The Xen DomU ist managed using the 'xl' command line tool and it is
possible to add configuration options in the 'xen_args' variable in a run
script. Common options are:
- disabling the graphical output:
append xen_args { sdl="0" }
- configuring a network device:
append xen_args { vif=\["model=e1000,mac=02:00:00:00:01:01,bridge=xenbr0"\] }
- configuring USB input devices:
append xen_args { usbdevice=\["mouse","keyboard"\] }
Note: the 'xl' tool requires super-user permissions and interactive
password input can be troublesome in combination with 'expect' and is not
practical for automatic tests. For this reason, the current implementation
assumes that no password input is needed when running 'sudo xl', which can
be achieved by creating a file '/etc/sudoers.d/xl' with the content
'user ALL=(root) NOPASSWD: /usr/sbin/xl'
(where 'user' is the Linux user name).
Fixes#2504
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.
For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.
The most important changes are:
- Directories are created and opened with the 'opendir()' function and the
directory entries are read with the recently introduced 'queue_read()'
and 'complete_read()' functions.
- Symbolic links are created and opened with the 'openlink()' function and
the link target is read with the 'queue_read()' and 'complete_read()'
functions and written with the 'write()' function.
- The 'write()' function does not wait for signals anymore. This can have
the effect that data written by a VFS library user has not been
processed by a file system server yet when the library user asks for the
size of the file or closes it (both done with RPC functions at the file
system server). For this reason, a user of the VFS library should
request synchronization before calling 'stat()' or 'close()'. To make
sure that a file system server has processed all write request packets
which a client submitted before the synchronization request,
synchronization is now requested at the file system server with a
synchronization packet instead of an RPC function. Because of this
change, the synchronization interface of the VFS library is now split
into 'queue_sync()' and 'complete_sync()' functions.
Fixes#2399
We used a hardware timer locally in the RPI USB driver because a timer
connection was not precise enough to fullfill the host controllers
requirements.
With the modern timer connection interface, however, reading out time at
a connection is microseconds precise and we can remove the local timer.
But we cannot use the same timer connection for doing legacy-interface
stuff like usleep (currently used in LX kit) and modern-interface stuff
like curr_time. Thus, we open two connections for now.
Ref #2400
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end. Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.
This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.
This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled. Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.
With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.
This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.
Open issues:
* The timeout test fails on Raspberry PI because of precision errors in the
first stage. However, this does not render the framework unusable in general
on the RPI but merely is an issue when speaking of microseconds precision.
* If we run on ARM with another Kernel than HW the timestamp speed may
continuously vary from almost 0 up to CPU speed. The Timer, however,
only uses interpolation if the timestamp speed remained stable (12.5%
tolerance) for at least 3 observation periods. Currently, one period is
100ms, so its 300ms. As long as this is not the case,
Timer_session::elapsed_ms is called instead.
Anyway, it might happen that the CPU load was stable for some time so
interpolation becomes active and now the timestamp speed drops. In the
worst case, we would now have 100ms of slowed down time. The bad thing
about it would be, that this also affects the timeout of the period.
Thus, it might "freeze" the local time for more than 100ms.
On the other hand, if the timestamp speed suddenly raises after some
stable time, interpolated time can get too fast. This would shorten the
period but nonetheless may result in drifting away into the far future.
Now we would have the problem that we can't deliver the real time
anymore until it has caught up because the output of Timer::curr_time
shall be monotone. So, effectively local time might "freeze" again for
more than 100ms.
It would be a solution to not use the Trace::timestamp on ARM w/o HW but
a function whose return value causes the Timer to never use
interpolation because of its stability policy.
Fixes#2400
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.
Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).
This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.
Issue #2398
The old download location is very shaky resp. currently unavailable and
also other projects (e.g., Gentoo and Linux From Scratch) use this
location. Note, the archive hash does _not_ change.
By building the posix library as shared object with an ABI, we
effectively decouple posix-using programs from the library
implementation (which happens to depend on several os-level APIs such as
the VFS).
This commit moves the headers residing in `repos/base/include/spec/*/drivers`
to `repos/base/include/drivers/defs` or repos/base/include/drivers/uart`
respectively. The first one contains definitions about board-specific MMIO
iand RAM addresses, or IRQ lines. While the latter contains device driver
code for UART devices. Those definitions are used by driver implementations
in `repos/base-hw`, `repos/os`, and `repos/dde-linux`, which now need to
include them more explicitely.
This work is a step in the direction of reducing 'SPEC' identifiers overall.
Ref #2403
When creating a source archive for the USB driver, both the contrib and
Genode-specific source codes are merged into a single directory
structure. In this case, the original way of determining the Linux
source code to scan for #include directives would apply the scanning to
Genode-specific source codes too. This patch tightens the search
criterion such that only Linux source codes are processed.
This macro is implicitly pulled in by libc-setjmp (via the libc's
cdefs.h). However, apparently not all sources include <setjmp.h>.
Unfortunately, for sources that do, this change produces a
double-definition warning. We should fix it by removing the dependency
from the libc's setjmp.
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().
In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).
The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.
Fixes#2332
The MIN_PSK_LENGTH constant was not adjusted to accommodate for the
semcantic change when switching from using the raw char array to using
the Genode::String class. The Genode::String::length() method includes
the terminating NUL byte while strlen() does not.
Fixes#2296.
The 'server_ip' and 'server_port' attributes for 'lxip/udp_client' and
'lwip/http_clnt' as well as the 'port' attribute for 'lxip/udp_echo' and
'lwip/http_srv_static' are not directly libc-related so they should not
live in the libc tag but in the config tag of the component.
Ref #2193
This commit includes changes to the Nic::Session_component interface.
We now pass the entire env to the component instead of only ram, rm and
the ep because we need the env to open connections from within the
Session_component implemenation. So far only the cadence_gem driver
needs this, though.
Issue #2280.
A binary file may be a temporary Vim .swp file when examining contrib
sources. The commit prevents build errors like
.../repos/dde_linux/lib/mk/lxip_include.mk:29:
target '.../x86_64/var/libcache/lxip_include/include/include/include/Binary'
given more than once in the same rule
.../repos/dde_linux/lib/mk/lxip_include.mk:29:
target '.../x86_64/var/libcache/lxip_include/include/include/include/file'
given more than once in the same rule
...
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.
Issue #1987
To better support non-blocking terminal components, let the
'Terminal::Session::write()' function return the number of bytes
actually written.
Fixes#2240
Libc::Env is the Genode::Env interface extended to cover access
to the XML content of the 'config' ROM and a VFS instance. This
deduplicates the burden of components to attain and manage
these resources.
Fix#2217
Ref #1987
This patch removes the component_entry_point library, which used to
proved a hook for the libc to intercept the call of the
'Component::construct' function. The mechansim has several shortcomings
(see the discussion in the associated issue) and was complex. So we
eventually discarded the approach in favor of the explicit handling of
the startup.
A regular Genode component provides a 'Component::construct' function,
which is determined by the dynamic linker via a symbol lookup.
For the time being, the dynamic linker falls back to looking up a 'main'
function if no 'Component::construct' function could be found.
The libc provides an implementation of 'Component::construct', which
sets up the libc's task handling and finally call the function
'Libc::Component::construct' from the context of the appllication task.
This function is expected to be provided by the libc-using application.
Consequently, Genode components that use the libc have to implement the
'Libc::Component::construct' function.
The new 'posix' library provides an implementation of
'Libc::Component::construct' that calls a main function. Hence, POSIX
programs that merely use the POSIX API merely have to add 'posix' to the
'LIBS' declaration in their 'target.mk' file. Their execution starts at
'main'.
Issue #2199
Instead of creating one socket and re-using it each test run because the
client shall also test the termination of pseudo-connections at components that
implement hole punching for UDP.
Ref #2139
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.
As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).
Fixes#2171
The 'connected_scan_interval' config attribute specifies the scan
interval in seconds. The commit also removes the deprecated ram_fs
component from the test run script.
This feature is not compatible with the forthcoming nonblocking parent
interface. The patch removes the use of feature in all places except for
the components of the demo repository, which will under go a redesign
anyway.
Issue #2120
Issue #2165
Instead of using a somewhat incomplete module_param_named() macro,
which will influence other drivers, patch the driver that requires
this treatment.
Fixes#2169Fixes#2155
drm_framebuffer_remove takes care of references to CRTC pointers before
freeing up framebuffer object. Directly calling the destroy function may cause
dangling CRTC pointers pointing inside the framebuffer object.
Fixes#2140
The usb_drv must always check the device pointer in all session facing.
methods. A errorneous client can otherwise trigger a page-fault in the
driver.
Fixes#2133.
- use the correct memory free functions on errors
- report packet submit errors
- rename 'Usb::Packet_descriptor::transfer.timeout' as
'Usb::Packet_descriptor::transfer.polling_interval'
Fixes#2135
The 11n mode can forcefully be disabled by setting the 'disable_11n'
attribute to 'true'. This is workaround for certain 6200 ABG cards
that apparently do not support this mode.
Fixes#2124.
Implementing this macro provides easy access to module parameters from
outside the contrib code, i.e. the driver frontend. For now it will be
solely used by the wifi_drv.
Issue #2124.
When run with the '--autopilot' run option, the 'usb_hid.run' script tests
the input events generated by a 'Pro Micro' microcontroller board. Setup
instructions for the Pro Micro can be found in the run script.
Fixes#2087
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
Now, we support multi-touch devices generating multi-touch events and
absolute-pointer devices simultaneously with multitouch="yes". Still,
multitouch="no" generates emulated absolute-pointer events for
multi-touch devices.
On MVM only the initial scanning of APs works. If wpa_supplicant changes
from triggered scans to the scheduled-scanning hardware feature no
further scan results are reported. Therefore, we disable the
scheduled-scanning hardware feature until the issue is fixed.
Issue #2046
Session_label constructor now takes a bare string rather than a
serialized argument buffer.
Replace all instances of previous constructor with 'label_from_args'
function.
Issue #1787
* Align pitch value to 64 byte (thanks to cnuke for investigation)
* Get rid of extra dataspace retrival and attachment, now that we always buffer
* Consistently name all lx_emul helpers: lx_* (get rid of dde*)
* Add missing file headers
Fix#1997
Instead of providing a buffer to the client and blitting from that
to the "real" framebuffer as an option, with this commit we always do so.
Thereby its possible to immediately destroy the old framebuffer used by
hardware when a configuration change is done, and a new framebuffer
is used. This also simplifies the modesetting.
Moreover, this commit fixes an issue when not using the connector reporting.
Until now the initial mode detection of connectors was only done when
the report was created. this is a regression that entered the driver
when upgrading to the recent Linux kernel version.
Ref #1997
* remove all 'Genode::env()' calls
* use attached roms to read configuration
* use compoenent framework
* remove all PDBG, PINF, PWRN macros
Issue #1987Fixes#2019
Replace 'attribute(...).has_value("yes")`
with 'attribute_value(..., false)'.
This allows for boolean configuration to be set with values such as
"true", "false", "yes", "no", or "1", "0".
Fixes#2002
To circumvent problems on platforms with shaky hotplug interrupt notification
introduce a "poll" configuration option to the driver, which enables
polling for connector changes.
Fix#2004
The vanilla 'schedule_timeout()' Linux function expects a relative
timeout value. The first implementation of the wifi_drv, however, used
an absolute timeout value. This mismatch was overlooked when the
lx_kit, which adheres to the vanilla Linux semantics, was incoporated
in the driver.
Fixes#1990.
The modular lx_kit seperates the required back end functionality of the
Linux emulation environment from the front end. Thereby each driver can
reuse specific parts or supply more suitable implementations by itself.
It is used to reduce the amount of redundant code in each driver.
The lx_kit is split into several layers whose structure is as follows:
The first layer in _repos/dde_linux/src/include/lx_emul_ contains those
header files that provide the structural definitions and function
declarations of the Linux API, e.g. _errno.h_ provides all error code
values. The second layer in _repos/dde_linux/src/include/lx_emul/impl_
contains the implementation of selected functions, e.g. _slab.h_
provides the implementation of 'kmalloc()'. The lx_kit back end API is
the third layer and provides the _Lx::Malloc_ interface
(_repos/dde_linux/src/include/lx_kit/malloc.h_) which is used to
implement 'kmalloc()'. There are several generic implementations of the
lx_kit interfaces that can be used by a driver.
A driver typically includes a 'lx_emul/impl/xyz.h' header once
directly in its lx_emul compilation unit. The lx_kit interface files
are only included in those compilation units that use or implement the
interface. If a driver wants to use a generic implementation it must
add the source file to its source file list. The generic
implementations are located in _repos/dde_linux/src/lx_kit/_.
The modular lx_kit still depends on the private _lx_emul.h_ header file
that is tailored to each driver. Since the lx_kit already contains much
of the declarations and definitions that were originally placed in
these private header files, those files can now ommit a large amount
of code.
Fixes#1974.
This patch cleans up the thread API and comes with the following
noteworthy changes:
- Introduced Cpu_session::Weight type that replaces a formerly used
plain integer value to prevent the accidental mix-up of
arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
The original constructors are now marked as deprecated. For the
common use case where the default 'Weight' and 'Affinity' are
used, a shortcut is provided. In the long term, those two
constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
object as centrally defined via 'Cpu_session::Name'. It is meant to
replace the old-fashioned 'name' method that takes a buffer and size
as arguments.
- Adaptation of the thread test to the new API
Issue #1954
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.
Note the API change:
With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.
The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.
Issue #1938
Currently the report name is used implicitly as first xml node name for the
report. This is inconvenient if one component wants to generate various xml
reports under various names (e.g. to steer consumers/clients slightly
differently) but with the same xml node tree structure.
Fixes#1940
Prevents the annoying warning about
WARNING: Image format was not specified for 'bin/test.img' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
This commit replaces the stateful 'Ipc_client' type with the plain
function 'ipc_call' that takes all the needed state as arguments.
The stateful 'Ipc_server' class is retained but it moved from the public
API to the internal ipc_server.h header. The kernel-specific
implementations were cleaned up and simplified. E.g., the 'wait'
function does no longer exist. The badge and exception code are no
longer carried in the message buffers but are handled in kernel-specific
ways.
Issue #610
Issue #1832
Interfaces that have been claimed by a component always have to be
released when the session is closed in case the component
malfunctioned.
Fixes#1869.
- Use 'label' attribute to identify device instead of
bus/dev and vendor_id/product_id
- Implement release_interface RPC
- Report 'label' as well as 'bus' and 'dev'
- Add policy handling to raw driver (includes reconfiguration
at runtime)
- Use own memory backing store for large DMA allocations
Issue #1863.
Instead of polling for new Nic session signals, when waiting for
network packets with a timeout, block on the signal receiver, and
register a timer event beforehand using the same signal receiver.
Fix#1862
Ref #1864
* enable i915 driver from Linux 3.14.5
* tested for generation 5 till 8 GPUs
The driver can be configured at run-time via the config ROM. Every
connector of the graphic card can be configured separately using the
following syntax
<config>
<connector name="LVDS-11" width="1280" height="800" enabled="true"/>
</config>
Also, when enabled within the intel framebuffer driver configuration like
the following
<config buffered="yes"/>
a simple ram dataspace is propagated to the client and the driver
itselfs copies from that buffer to the framebuffer triggered via refresh
calls. This option is useful to alleviate tearing effects.
The driver distributes all available connectors of the graphic card and
their supported resolutions via a report. It looks like follows
<connectors>
<connector name="LVDS-11" connected="1">
<mode width="1280" height="800" hz="60"/>
...
</connector>
...
</connectors>
The driver distributes the report only if this is stated within its
configuration, like the following
<config>
<report connectors="yes"/>
</config>
Fix#1764
platform_execute() is used to initially switch the stack of a
routine/task. While Thread_base::alloc_secondary_stack() properly aligns
the returned stack pointer the x86_64 assembler implementation did not
comply to stack frame management specified in the ABI.
The used (and most simple) stack-alignment check may pass a float to a
varargs function on x86, which requires the compiler to properly save
some XMM registers on stack.
Destroying an object within the scope of a lambda/functor executed
in the object pool's apply function leads potentially to memory corruption.
Within the scope the corresponding object is locked and unlocked when
leaving the scope. Therefore, it is illegal to free the object's memory meanwhile.
This commit eliminates several places in core that destroyed wrongly in
the object pool's scope.
Fix#1713
Instead of holding SPEC-variable dependent files and directories inline
within the repository structure, move them into 'spec' subdirectories
at the corresponding levels, e.g.:
repos/base/include/spec
repos/base/mk/spec
repos/base/lib/mk/spec
repos/base/src/core/spec
...
Moreover, this commit removes the 'platform' directories. That term was
used in an overloaded sense. All SPEC-relative 'platform' directories are
now named 'spec'. Other files, like for instance those related to the
kernel/architecture specific startup library, where moved from 'platform'
directories to explicit, more meaningful places like e.g.: 'src/lib/startup'.
Fix#1673
Instead of returning pointers to locked objects via a lookup function,
the new object pool implementation restricts object access to
functors resp. lambda expressions that are applied to the objects
within the pool itself.
Fix#884Fix#1658