The new types in base/ram.h model different allocation scenarios and
error cases by mere C++ types without using exceptions. They are meant
to replace the former 'Ram_allocator' interface. As of now, the
'Unmapped_allocator' closely captures the former 'Ram_allocator'
semantics. The 'Constrained_allocator' is currently an alias for
'Unmapped_allocator' but is designated for eventually allocating
mapped RAM.
In contrast to the 'Ram_allocator' interface, which talked about
dataspace capabilities but left the lifetime management of the
allocated RAM to the caller, the new API represents an allocation
as a guard type 'Allocation', which deallocates on destruction by
default.
Allocation errors are captured by a 'Result' type that follows
the 'Attempt' pattern.
As a transitionary feature, the patch largely maintains API
compatibility with the original 'Ram_allocator' by providing
the original (exception-based) 'Ram_allocator::alloc' and
'Ram_allocator::free' methods as a wrapper around the new
'Ram::Constrained_allocator'. So components can be gradually
updated to the new 'Ram::' interface.
Issue #5502
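The guard-plus-result idea described in the commit message above, as an added sketch that is not code from base/ram.h or from the Genode project. 'Pool', 'Allocation', 'Result', 'try_alloc' and 'use_scoped' are simplified, hypothetical stand-ins that show why neither the error path nor the release of the RAM can be skipped by the caller:

```cpp
#include <cstddef>
#include <utility>

enum class Alloc_error { OUT_OF_RAM, DENIED };

struct Pool {   // toy quota-limited RAM pool (constructed for this example)
    std::size_t avail;
    explicit Pool(std::size_t n) : avail(n) { }
    void free(std::size_t n) { avail += n; }
};

// Guard: hands its RAM back on destruction unless 'deallocate' is cleared.
class Allocation {
    Pool *_pool; std::size_t _size;
public:
    bool deallocate = true;
    Allocation() : _pool(nullptr), _size(0) { }
    Allocation(Pool &p, std::size_t n) : _pool(&p), _size(n) { }
    Allocation(Allocation &&o) noexcept
    : _pool(o._pool), _size(o._size), deallocate(o.deallocate) { o._pool = nullptr; }
    Allocation(Allocation const &) = delete;
    ~Allocation() { if (_pool && deallocate) _pool->free(_size); }
    std::size_t size() const { return _size; }
};

// Either a guard or an error; the value is reachable only via with_result.
class Result {
    Allocation _a; Alloc_error _e; bool _ok;
public:
    Result(Allocation &&a) : _a(std::move(a)), _e(Alloc_error::DENIED), _ok(true) { }
    Result(Alloc_error e)  : _e(e), _ok(false) { }
    template <typename OK, typename ERR>
    auto with_result(OK const &ok, ERR const &err) { return _ok ? ok(_a) : err(_e); }
};

Result try_alloc(Pool &p, std::size_t n) {
    if (n == 0)      return Alloc_error::DENIED;
    if (n > p.avail) return Alloc_error::OUT_OF_RAM;
    p.avail -= n;
    return Result(Allocation(p, n));
}

// Uses n bytes for the duration of the call; returns 0 on any error.
std::size_t use_scoped(Pool &p, std::size_t n) {
    return try_alloc(p, n).with_result(
        [] (Allocation &a) { return a.size(); },
        [] (Alloc_error)   { return std::size_t(0); });
}   // the temporary Result dies here, so the guard returns the RAM
```
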
After construction, a 'Thread' object may remain in a dysfunctional state
should the stack allocation have failed. This condition is no longer
reflected as a C++ exception but as result value of 'Thread::info()'.
Keep 'Thread::name' as public constant because the stack is not always
available for storing the name.
The 'stack_top' accessor has been removed because this information is
already provided by 'Thread::info()'.
Issue #5245

An exception thrown within `update_urbs` in the Usb::Device of
Usb::Interface utilities can lead to unhandled URBs, because of
the unexpected, early return from the function.
Instead of throwing an exception when the device vanishes, tunnel
an appropriate error return value through the C/C++ call-chain
by using the library-specific URB class derivation as container.
In case of any failure during URB completion, handle its libusb
specific completion immediately.
Ref genodelabs/genode#5434

With this patch, the 'Pd_session' interface no longer implements the
'Ram_allocator' interface, which allows us to change the
'Genode::Ram_allocator' semantics (as a subsequent step) without
affecting core's PD service.
The patch also replaces the client-local implementation of
'Pd_session_client::dataspace_size' by the proper RPC call 'ram_size' to
core, which mitigates the potential risk of de-referencing a dataspace
cap of an untrusted origin. E.g., in scenarios where the monitor
component requests the size of a dataspace allocated by the debugging
target.
Since 'ram_size' is an RPC call, it cannot be const. Hence, the
'Ram_allocator::dataspace_size' has become non-const.
The new 'Pd_ram_allocator' implements the 'Ram_allocator' interface by
using a PD session.
Issue #5502

This patch reworks the libc's internal config handling by replacing
scattered Xml_node accesses by the new 'Config' type that is parsed
at once. The config ROM has been moved from 'Env_implementation' to
the libc kernel.
Issue #5411

This patch changes the 'Timestamp' type of the VFS and file-system
session to an unsigned 64-bit value holding the number of milliseconds
since the UNIX epoch (beginning of 1970).
The special case of an invalid timestamp has been removed as it was
never consistently handled anyway.
In contrast to the POSIX timespec, which represents tv_sec and tv_nsec
both as signed values, this patch uses an unsigned value because the
interpretation of negative tv_sec and tv_nsec values is muddy.
Hypothetical modification times older than 1970 are capped at 1970.
Fixes #3511

The suspend mechanism is obsolete, use monitor call to wait for data for
blocking sockets. The old implementation using 'suspend' will not block for
pthreads because the 'suspend' functor issues a 'monitor' call itself.
Issue #5471

Some control URBs have to be handled synchronously within the
libusb, to meet the semantics of get_device_descriptor, set_interface,
etc., but this was using the VFS libusb plugin in a way that it
polled actively during the control URB being active. This commit
removes the not desired polling behaviour.
Fix genodelabs/genode#5469

This commit removes the dummy 'gai_strerror()' implementation in
favor of the one provided in the contrib sources to allow for better
diagnosing of DNS related problems.
As long as NLS is not set the implementation looks up the error string
via the error-code directly.
Fixes #5464.

Since Goa expects include files to reside at include/ or
include/spec/{x86,x86_64,arm_64,64bit}, the src/lib/.../opensslconf.h is
missed by Goa. This commit adds Goa compatibility for the openssl api
archive.
genodelabs/goa#81

This patch changes the way of how the client-selected sub directory is
communicated to the server. The former opaque session argument is now
passed as last label element, which allows for the flexible tweaking
of this argument by init's session-routing and label-rewriting
mechanisms. In particular, it alleviates the need for creating chroot
component instances.
This change requires the following four adaptations at the
configuration level:
- Each file-system session request must now carry a path starting
  with / as last session argument. Hence, <vfs> <fs> nodes that
  feature a 'label' attribute must extend the attribute value
  with " -> /". For <fs> nodes with no label attribute, "/" is
  used as last label argument by default.
- For matching session-routing rules at init's configuration,
  the matching of full labels should be replaced by 'label_prefix'
  matches, excluding the last (path) argument.
- Wherever a label of a file-system session is rewritten by using
  init's 'label' attribute of a <parent> or <child> target node,
  the new attribute 'identity' should be used instead. This replaces
  the identity part of the label while preserving the client's
  directory argument.
- Analogously to the matching of session-routing rules, server-side
  policy-selection rules that formerly matched a concrete 'label'
  must be changed to match a 'label_prefix' instead.
As a good practice, 'label_prefix' values should end with " ->" if
possible, which clearly delimits the identity part of the label
used by the matching.
Issue #5445
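The label convention from the commit message above, modelled as an added example that is not init's or any file-system server's implementation. 'split_label', 'prefix_matches' and 'rewrite_identity' are hypothetical helpers and the labels in the test are constructed; the prefix check shows why a 'label_prefix' ending in " ->" delimits the identity part, whereas a bare prefix also matches a differently named client:

```cpp
#include <cstddef>
#include <string>

static const std::string SEP = " -> ";

struct Label { std::string identity, path; bool valid; };

// Split "<identity> -> <path>". The last label element must be a path
// starting with '/', otherwise the label is rejected as invalid.
Label split_label(std::string const &label)
{
    std::size_t const pos = label.rfind(SEP);
    bool const has_sep = (pos != std::string::npos);

    std::string const id   = has_sep ? label.substr(0, pos) : std::string();
    std::string const path = has_sep ? label.substr(pos + SEP.size()) : label;

    return Label { id, path, !path.empty() && path[0] == '/' };
}

// 'label_prefix' semantics: plain string-prefix comparison
bool prefix_matches(std::string const &label, std::string const &prefix)
{
    return label.compare(0, prefix.size(), prefix) == 0;
}

// 'identity' rewriting: replace the identity part of the label while
// preserving the client's directory argument. Returns an empty string
// if the label carries no valid path element.
std::string rewrite_identity(std::string const &label,
                             std::string const &identity)
{
    Label const l = split_label(label);
    return l.valid ? identity + SEP + l.path : std::string();
}
```
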
In some situations, atexit handlers perform I/O (e.g., closing a file),
which entails the handling of signals. Should SIGTERM be pending, the
handling of this signal will in turn trigger the execution of atexit
handlers. To break this cycle, this patch removes atexit handlers from
the list before executing them. So no atexit handler is entered more
than once.
Fixes #5444
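The re-entrancy cycle and the remove-before-execute fix described above, as an added example that is not the libc's code. 'Exit_handlers' and 'handler_entries' are hypothetical, and the pending SIGTERM is a constructed scenario in which the handler's I/O dispatches the signal, which in turn starts exit processing again:

```cpp
#include <functional>
#include <vector>

// Hypothetical miniature of an exit-handler list
struct Exit_handlers {
    std::vector<std::function<void()>> list;
    bool remove_before_call;

    explicit Exit_handlers(bool r) : remove_before_call(r) { }

    void run()
    {
        while (!list.empty()) {
            // copy the handler so that it stays alive while it executes
            std::function<void()> fn = list.back();

            if (remove_before_call)
                list.pop_back();              // patched order: remove first

            fn();                             // may re-enter run()

            if (!remove_before_call && !list.empty())
                list.pop_back();              // former order: remove afterwards
        }
    }
};

// Returns how often the single registered handler is entered.
int handler_entries(bool remove_before_call)
{
    Exit_handlers handlers(remove_before_call);
    bool sigterm_pending = true;              // constructed scenario
    int  entries = 0;

    handlers.list.push_back([&] {
        ++entries;
        // e.g., closing a file: the I/O path handles pending signals
        if (sigterm_pending) {
            sigterm_pending = false;
            handlers.run();                   // SIGTERM triggers exit handling
        }
    });

    handlers.run();
    return entries;
}
```
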
This patch moves the formerly hard-wired drag-and-drop handling
to the configuration level by introducing the actions "drag" and "drop".
To aid the robust handling of release events matching their
corresponding press events, the patch refines the policy-matching of the
current combination of keys against the hierarchy of <press> and
<release> nodes. If no policy for a concrete combination exists, a
release event also considers the policy of its matching <press> node.
This way, the regular drag-and-drop rules can be expressed as

  <press key="BTN_LEFT" action="drag">
    <release key="BTN_LEFT" action="drop"/>
  </press>

This also works when releasing BTN_LEFT while pressing additional keys,
for which no policy exists.
With this change, the layouter supports the matching of multiple key
sequences instead of only one, thereby supporting multiple actions at
once and allowing for decoupling different user interactions in the
configuration.
Issue #5403