genode/repos/base-linux/src/core/pd_session_component.cc

/*
 * \brief  Core implementation of the PD session interface
 * \author Norman Feske
 * \date   2012-08-15
 */

/*
 * Copyright (C) 2012-2013 Genode Labs GmbH
 *
 * This file is part of the Genode OS framework, which is distributed
 * under the terms of the GNU General Public License version 2.
 */

/* core-local includes */
#include <pd_session_component.h>

using namespace Genode;


int Pd_session_component::bind_thread(Thread_capability) { return -1; }


int Pd_session_component::assign_parent(Capability<Parent> parent)
{
	_parent = parent;
	return 0;
}


bool Pd_session_component::assign_pci(addr_t, uint16_t) { return true; }
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00			`/*`
Imported Genode release 11.11 2011-12-22 16:19:25 +01:00			`* \brief Core implementation of the PD session interface`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00			`* \author Norman Feske`
			`* \date 2012-08-15`
Imported Genode release 11.11 2011-12-22 16:19:25 +01:00			`*/`

			`/*`
Update copyright headers to 2013 2013-01-10 21:44:47 +01:00			`* Copyright (C) 2012-2013 Genode Labs GmbH`
Imported Genode release 11.11 2011-12-22 16:19:25 +01:00			`*`
			`* This file is part of the Genode OS framework, which is distributed`
			`* under the terms of the GNU General Public License version 2.`
			`*/`

Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00			`/* core-local includes */`
Imported Genode release 11.11 2011-12-22 16:19:25 +01:00			`#include <pd_session_component.h>`

			`using namespace Genode;`


base: redesign object pool using lambda interface Instead of returning pointers to locked objects via a lookup function, the new object pool implementation restricts object access to functors resp. lambda expressions that are applied to the objects within the pool itself. Fix #884 Fix #1658 2015-08-10 13:34:16 +02:00			`int Pd_session_component::bind_thread(Thread_capability) { return -1; }`


Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`int Pd_session_component::assign_parent(Capability<Parent> parent)`
base: redesign object pool using lambda interface Instead of returning pointers to locked objects via a lookup function, the new object pool implementation restricts object access to functors resp. lambda expressions that are applied to the objects within the pool itself. Fix #884 Fix #1658 2015-08-10 13:34:16 +02:00			`{`
			`_parent = parent;`
			`return 0;`
			`}`


Integrate CAP session into PD session This patch integrates the functionality of the former CAP session into the PD session and unifies the approch of supplementing the generic PD session with kernel-specific functionality. The latter is achieved by the new 'Native_pd' interface. The kernel-specific interface can be obtained via the Pd_session::native_pd accessor function. The kernel-specific interfaces are named Nova_native_pd, Foc_native_pd, and Linux_native_pd. The latter change allowed for to deduplication of the pd_session_component code among the various base platforms. To retain API compatibility, we keep the 'Cap_session' and 'Cap_connection' around. But those classes have become mere wrappers around the PD session interface. Issue #1841 2016-01-19 20:24:22 +01:00			`bool Pd_session_component::assign_pci(addr_t, uint16_t) { return true; }`