2015-09-04 16:06:03 +02:00
|
|
|
/*
|
|
|
|
|
* \brief VFS File_system server
|
|
|
|
|
* \author Emery Hemingway
|
2017-01-31 15:36:00 +01:00
|
|
|
* \author Christian Helmuth
|
2015-09-04 16:06:03 +02:00
|
|
|
* \date 2015-08-16
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2017-01-31 15:36:00 +01:00
|
|
|
* Copyright (C) 2015-2017 Genode Labs GmbH
|
2015-09-04 16:06:03 +02:00
|
|
|
*
|
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
2017-02-20 13:23:52 +01:00
|
|
|
* under the terms of the GNU Affero General Public License version 3.
|
2015-09-04 16:06:03 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/* Genode includes */
|
2017-02-01 21:07:14 +01:00
|
|
|
#include <base/component.h>
|
|
|
|
|
#include <base/registry.h>
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
#include <base/heap.h>
|
2017-02-01 21:07:14 +01:00
|
|
|
#include <base/attached_rom_dataspace.h>
|
|
|
|
|
#include <file_system_session/rpc_object.h>
|
2015-09-04 16:06:03 +02:00
|
|
|
#include <root/component.h>
|
|
|
|
|
#include <os/session_policy.h>
|
2017-10-28 00:51:16 +02:00
|
|
|
#include <base/allocator_guard.h>
|
2017-02-01 21:07:14 +01:00
|
|
|
#include <vfs/dir_file_system.h>
|
|
|
|
|
#include <vfs/file_system_factory.h>
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
/* Local includes */
|
|
|
|
|
#include "assert.h"
|
2016-03-30 20:14:15 +02:00
|
|
|
#include "node.h"
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
namespace Vfs_server {
|
2016-03-30 20:14:15 +02:00
|
|
|
using namespace File_system;
|
2015-09-04 16:06:03 +02:00
|
|
|
using namespace Vfs;
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
class Session_component;
|
|
|
|
|
class Root;
|
2018-03-31 16:50:49 +02:00
|
|
|
class Event_response_handler;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
typedef Genode::Registered<Session_component> Registered_session;
|
|
|
|
|
typedef Genode::Registry<Registered_session> Session_registry;
|
2017-10-28 00:51:16 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Convenience utities for parsing quotas
|
|
|
|
|
*/
|
|
|
|
|
Genode::Ram_quota parse_ram_quota(char const *args) {
|
|
|
|
|
return Genode::Ram_quota{
|
|
|
|
|
Genode::Arg_string::find_arg(args, "ram_quota").ulong_value(0)}; }
|
|
|
|
|
Genode::Cap_quota parse_cap_quota(char const *args) {
|
|
|
|
|
return Genode::Cap_quota{
|
|
|
|
|
Genode::Arg_string::find_arg(args, "cap_quota").ulong_value(0)}; }
|
2015-09-04 16:06:03 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
class Vfs_server::Session_component : public File_system::Session_rpc_object,
|
2018-03-31 16:50:49 +02:00
|
|
|
public Session_io_handler
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
private:
|
|
|
|
|
|
Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
2017-12-21 15:42:15 +01:00
|
|
|
Node_space _node_space { };
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
Genode::Ram_quota_guard _ram_guard;
|
|
|
|
|
Genode::Cap_quota_guard _cap_guard;
|
|
|
|
|
Genode::Constrained_ram_allocator _ram_alloc;
|
|
|
|
|
Genode::Heap _alloc;
|
2017-01-04 15:27:42 +01:00
|
|
|
|
|
|
|
|
Genode::Signal_handler<Session_component> _process_packet_handler;
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
Vfs::Dir_file_system &_vfs;
|
2017-01-04 15:27:42 +01:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The root node needs be allocated with the session struct
|
|
|
|
|
* but removeable from the id space at session destruction.
|
|
|
|
|
*/
|
2017-10-28 00:51:16 +02:00
|
|
|
Path const _root_path;
|
2017-01-04 15:27:42 +01:00
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
Genode::Session_label const _label;
|
|
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
bool const _writable;
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
/*
|
|
|
|
|
* XXX Currently, we have only one packet in backlog, which must finish
|
|
|
|
|
* processing before new packets can be processed.
|
|
|
|
|
*/
|
Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
2017-12-21 15:42:15 +01:00
|
|
|
Packet_descriptor _backlog_packet { };
|
2016-03-30 20:14:15 +02:00
|
|
|
|
|
|
|
|
/****************************
|
|
|
|
|
** Handle to node mapping **
|
|
|
|
|
****************************/
|
|
|
|
|
|
|
|
|
|
/**
|
2017-01-04 15:27:42 +01:00
|
|
|
* Apply functor to node
|
2016-03-30 20:14:15 +02:00
|
|
|
*
|
|
|
|
|
* \throw Invalid_handle
|
|
|
|
|
*/
|
2017-01-04 15:27:42 +01:00
|
|
|
template <typename FUNC>
|
2018-03-31 16:50:49 +02:00
|
|
|
void _apply_node(Node_handle handle, FUNC const &fn)
|
2016-03-30 20:14:15 +02:00
|
|
|
{
|
2017-01-04 15:27:42 +01:00
|
|
|
Node_space::Id id { handle.value };
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
try { return _node_space.apply<Node>(id, fn); }
|
2017-01-04 15:27:42 +01:00
|
|
|
catch (Node_space::Unknown_id) { throw Invalid_handle(); }
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
|
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
/**
|
|
|
|
|
* Apply functor to typed node
|
|
|
|
|
*
|
|
|
|
|
* \throw Invalid_handle
|
|
|
|
|
*/
|
|
|
|
|
template <typename HANDLE_TYPE, typename FUNC>
|
2017-06-20 14:23:22 +02:00
|
|
|
auto _apply(HANDLE_TYPE handle, FUNC const &fn)
|
|
|
|
|
-> typename Genode::Trait::Functor<decltype(&FUNC::operator())>::Return_type
|
2016-03-30 20:14:15 +02:00
|
|
|
{
|
2017-01-04 15:27:42 +01:00
|
|
|
Node_space::Id id { handle.value };
|
|
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
try { return _node_space.apply<Node>(id, [&] (Node &node) {
|
2017-01-04 15:27:42 +01:00
|
|
|
typedef typename Node_type<HANDLE_TYPE>::Type Typed_node;
|
|
|
|
|
Typed_node *n = dynamic_cast<Typed_node *>(&node);
|
|
|
|
|
if (!n)
|
|
|
|
|
throw Invalid_handle();
|
2017-06-20 14:23:22 +02:00
|
|
|
return fn(*n);
|
2017-01-04 15:27:42 +01:00
|
|
|
}); } catch (Node_space::Unknown_id) { throw Invalid_handle(); }
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/******************************
|
|
|
|
|
** Packet-stream processing **
|
|
|
|
|
******************************/
|
|
|
|
|
|
2017-08-15 20:51:53 +02:00
|
|
|
struct Not_ready { };
|
2017-02-01 21:07:14 +01:00
|
|
|
struct Dont_ack { };
|
|
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
/**
|
|
|
|
|
* Perform packet operation
|
2017-02-01 21:07:14 +01:00
|
|
|
*
|
2017-08-15 20:51:53 +02:00
|
|
|
* \throw Not_ready
|
2017-02-01 21:07:14 +01:00
|
|
|
* \throw Dont_ack
|
2015-09-04 16:06:03 +02:00
|
|
|
*/
|
|
|
|
|
void _process_packet_op(Packet_descriptor &packet)
|
|
|
|
|
{
|
|
|
|
|
void * const content = tx_sink()->packet_content(packet);
|
|
|
|
|
size_t const length = packet.length();
|
2016-03-30 20:14:15 +02:00
|
|
|
seek_off_t const seek = packet.position();
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2016-05-25 15:47:22 +02:00
|
|
|
/* assume failure by default */
|
|
|
|
|
packet.succeeded(false);
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
if ((packet.length() > packet.size()))
|
2015-09-04 16:06:03 +02:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* resulting length */
|
|
|
|
|
size_t res_length = 0;
|
2018-02-13 15:13:06 +01:00
|
|
|
bool succeeded = false;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
switch (packet.operation()) {
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
case Packet_descriptor::READ:
|
2017-02-12 10:58:27 +01:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
try {
|
2018-03-31 16:50:49 +02:00
|
|
|
_apply(packet.handle(), [&] (Io_node &node) {
|
2017-02-12 10:58:27 +01:00
|
|
|
if (!node.read_ready()) {
|
|
|
|
|
node.notify_read_ready(true);
|
2017-08-15 20:51:53 +02:00
|
|
|
throw Not_ready();
|
2017-02-12 10:58:27 +01:00
|
|
|
}
|
|
|
|
|
|
2018-02-13 15:13:06 +01:00
|
|
|
if (node.mode() & READ_ONLY) {
|
2017-08-15 20:51:53 +02:00
|
|
|
res_length = node.read((char *)content, length, seek);
|
2018-02-13 15:13:06 +01:00
|
|
|
/* no way to distinguish EOF from unsuccessful
|
|
|
|
|
reads, both have res_length == 0 */
|
|
|
|
|
succeeded = true;
|
|
|
|
|
}
|
2017-02-01 21:07:14 +01:00
|
|
|
});
|
2017-02-12 10:58:27 +01:00
|
|
|
}
|
2017-08-15 20:51:53 +02:00
|
|
|
catch (Not_ready) { throw; }
|
|
|
|
|
catch (Operation_incomplete) { throw Not_ready(); }
|
|
|
|
|
catch (...) { }
|
2017-02-12 10:58:27 +01:00
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
break;
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
case Packet_descriptor::WRITE:
|
2017-08-15 20:51:53 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
try {
|
2018-03-31 16:50:49 +02:00
|
|
|
_apply(packet.handle(), [&] (Io_node &node) {
|
2018-02-13 15:13:06 +01:00
|
|
|
if (node.mode() & WRITE_ONLY) {
|
2017-08-15 20:51:53 +02:00
|
|
|
res_length = node.write((char const *)content, length, seek);
|
2018-02-13 15:13:06 +01:00
|
|
|
|
|
|
|
|
/* File system session can't handle partial writes */
|
|
|
|
|
if (res_length != length) {
|
|
|
|
|
Genode::error("partial write detected ",
|
|
|
|
|
res_length, " vs ", length);
|
|
|
|
|
/* don't acknowledge */
|
|
|
|
|
throw Dont_ack();
|
|
|
|
|
}
|
|
|
|
|
succeeded = true;
|
|
|
|
|
}
|
2017-02-01 21:07:14 +01:00
|
|
|
});
|
2017-08-15 20:51:53 +02:00
|
|
|
} catch (Operation_incomplete) {
|
|
|
|
|
throw Not_ready();
|
2017-02-01 21:07:14 +01:00
|
|
|
} catch (...) { }
|
2015-09-04 16:06:03 +02:00
|
|
|
break;
|
2017-01-31 15:36:00 +01:00
|
|
|
|
|
|
|
|
case Packet_descriptor::READ_READY:
|
2017-08-15 20:51:53 +02:00
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
try {
|
|
|
|
|
_apply(static_cast<File_handle>(packet.handle().value), [] (File &node) {
|
2017-02-12 10:58:27 +01:00
|
|
|
if (!node.read_ready()) {
|
|
|
|
|
node.notify_read_ready(true);
|
|
|
|
|
throw Dont_ack();
|
|
|
|
|
}
|
2017-02-01 21:07:14 +01:00
|
|
|
});
|
2018-02-13 15:13:06 +01:00
|
|
|
succeeded = true;
|
2017-02-12 10:58:27 +01:00
|
|
|
}
|
|
|
|
|
catch (Dont_ack) { throw; }
|
|
|
|
|
catch (...) { }
|
|
|
|
|
break;
|
2017-04-20 19:02:43 +02:00
|
|
|
|
|
|
|
|
case Packet_descriptor::CONTENT_CHANGED:
|
2018-03-31 16:50:49 +02:00
|
|
|
Genode::warning("ignoring CONTENT_CHANGED packet from client");
|
2017-04-20 19:02:43 +02:00
|
|
|
throw Dont_ack();
|
2017-08-15 20:51:53 +02:00
|
|
|
|
|
|
|
|
case Packet_descriptor::SYNC:
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Sync the VFS and send any pending signals on the node.
|
|
|
|
|
*/
|
|
|
|
|
try {
|
2018-03-31 16:50:49 +02:00
|
|
|
_apply(packet.handle(), [&] (Io_node &node) {
|
2017-08-15 20:51:53 +02:00
|
|
|
node.sync();
|
2018-02-13 15:13:06 +01:00
|
|
|
succeeded = true;
|
2017-08-15 20:51:53 +02:00
|
|
|
});
|
|
|
|
|
} catch (Operation_incomplete) {
|
|
|
|
|
throw Not_ready();
|
|
|
|
|
} catch (...) { Genode::error("SYNC: unhandled exception"); }
|
|
|
|
|
break;
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2016-04-02 21:26:37 +02:00
|
|
|
packet.length(res_length);
|
2018-02-13 15:13:06 +01:00
|
|
|
packet.succeeded(succeeded);
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
bool _try_process_packet_op(Packet_descriptor &packet)
|
|
|
|
|
{
|
|
|
|
|
try {
|
|
|
|
|
_process_packet_op(packet);
|
|
|
|
|
return true;
|
2017-08-15 20:51:53 +02:00
|
|
|
} catch (Not_ready) {
|
2017-02-01 21:07:14 +01:00
|
|
|
_backlog_packet = packet;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool _process_backlog()
|
|
|
|
|
{
|
|
|
|
|
/* indicate success if there's no backlog */
|
2017-08-15 20:51:53 +02:00
|
|
|
if (!_backlog_packet.size() &&
|
|
|
|
|
(_backlog_packet.operation() != Packet_descriptor::SYNC)) {
|
2017-02-01 21:07:14 +01:00
|
|
|
return true;
|
2017-08-15 20:51:53 +02:00
|
|
|
}
|
2017-02-01 21:07:14 +01:00
|
|
|
|
|
|
|
|
/* only start processing if acknowledgement is possible */
|
|
|
|
|
if (!tx_sink()->ready_to_ack())
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
if (!_try_process_packet_op(_backlog_packet))
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The 'acknowledge_packet' function cannot block because we
|
|
|
|
|
* checked for 'ready_to_ack' in '_process_packets'.
|
|
|
|
|
*/
|
|
|
|
|
tx_sink()->acknowledge_packet(_backlog_packet);
|
|
|
|
|
|
|
|
|
|
/* invalidate backlog packet */
|
|
|
|
|
_backlog_packet = Packet_descriptor();
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool _process_packet()
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
Packet_descriptor packet = tx_sink()->get_packet();
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
if (!_try_process_packet_op(packet))
|
|
|
|
|
return false;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The 'acknowledge_packet' function cannot block because we
|
|
|
|
|
* checked for 'ready_to_ack' in '_process_packets'.
|
|
|
|
|
*/
|
|
|
|
|
tx_sink()->acknowledge_packet(packet);
|
2017-02-01 21:07:14 +01:00
|
|
|
|
|
|
|
|
return true;
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Called by signal dispatcher, executed in the context of the main
|
|
|
|
|
* thread (not serialized with the RPC functions)
|
|
|
|
|
*/
|
2016-05-25 15:47:22 +02:00
|
|
|
void _process_packets()
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
2017-02-01 21:07:14 +01:00
|
|
|
/*
|
|
|
|
|
* XXX Process client backlog before looking at new requests. This
|
|
|
|
|
* limits the number of simultaneously addressed handles (which
|
|
|
|
|
* was also the case before adding the backlog in case of
|
|
|
|
|
* blocking operations).
|
|
|
|
|
*/
|
|
|
|
|
if (!_process_backlog())
|
|
|
|
|
/* backlog not cleared - block for next condition change */
|
|
|
|
|
return;
|
|
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
while (tx_sink()->packet_avail()) {
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Make sure that the '_process_packet' function does not
|
|
|
|
|
* block.
|
|
|
|
|
*
|
|
|
|
|
* If the acknowledgement queue is full, we defer packet
|
|
|
|
|
* processing until the client processed pending
|
|
|
|
|
* acknowledgements and thereby emitted a ready-to-ack
|
|
|
|
|
* signal. Otherwise, the call of 'acknowledge_packet()'
|
|
|
|
|
* in '_process_packet' would infinitely block the context
|
|
|
|
|
* of the main thread. The main thread is however needed
|
|
|
|
|
* for receiving any subsequent 'ready-to-ack' signals.
|
|
|
|
|
*/
|
|
|
|
|
if (!tx_sink()->ready_to_ack())
|
|
|
|
|
return;
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
try {
|
|
|
|
|
if (!_process_packet())
|
|
|
|
|
return;
|
|
|
|
|
} catch (Dont_ack) { }
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if string represents a valid path (must start with '/')
|
|
|
|
|
*/
|
|
|
|
|
static void _assert_valid_path(char const *path) {
|
2016-05-25 15:47:22 +02:00
|
|
|
if (!path || path[0] != '/') throw Lookup_failed(); }
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Check if string represents a valid name (must not contain '/')
|
|
|
|
|
*/
|
2016-03-30 20:14:15 +02:00
|
|
|
static void _assert_valid_name(char const *name)
|
|
|
|
|
{
|
|
|
|
|
if (!*name) throw Invalid_name();
|
2015-09-04 16:06:03 +02:00
|
|
|
for (char const *p = name; *p; ++p)
|
|
|
|
|
if (*p == '/')
|
2016-03-30 20:14:15 +02:00
|
|
|
throw Invalid_name();
|
|
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
void _close(Node &node)
|
|
|
|
|
{
|
|
|
|
|
if (File *file = dynamic_cast<File*>(&node))
|
|
|
|
|
destroy(_alloc, file);
|
|
|
|
|
else if (Directory *dir = dynamic_cast<Directory*>(&node))
|
|
|
|
|
destroy(_alloc, dir);
|
|
|
|
|
else if (Symlink *link = dynamic_cast<Symlink*>(&node))
|
|
|
|
|
destroy(_alloc, link);
|
2018-03-31 16:50:49 +02:00
|
|
|
else if (Watch_node *watch = dynamic_cast<Watch_node*>(&node))
|
|
|
|
|
destroy(_alloc, watch);
|
2017-01-04 15:27:42 +01:00
|
|
|
else
|
|
|
|
|
destroy(_alloc, &node);
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Constructor
|
|
|
|
|
* \param ep thead entrypoint for session
|
|
|
|
|
* \param cache node cache
|
|
|
|
|
* \param tx_buf_size shared transmission buffer size
|
|
|
|
|
* \param root_path path root of the session
|
|
|
|
|
* \param writable whether the session can modify files
|
|
|
|
|
*/
|
2016-05-25 15:47:22 +02:00
|
|
|
|
|
|
|
|
Session_component(Genode::Env &env,
|
2018-03-31 16:50:49 +02:00
|
|
|
char const *label,
|
2017-10-28 00:51:16 +02:00
|
|
|
Genode::Ram_quota ram_quota,
|
|
|
|
|
Genode::Cap_quota cap_quota,
|
2016-03-30 20:14:15 +02:00
|
|
|
size_t tx_buf_size,
|
|
|
|
|
Vfs::Dir_file_system &vfs,
|
|
|
|
|
char const *root_path,
|
|
|
|
|
bool writable)
|
2015-09-04 16:06:03 +02:00
|
|
|
:
|
2017-01-16 17:04:28 +01:00
|
|
|
Session_rpc_object(env.ram().alloc(tx_buf_size), env.rm(), env.ep().rpc_ep()),
|
2017-10-28 00:51:16 +02:00
|
|
|
_ram_guard(ram_quota),
|
|
|
|
|
_cap_guard(cap_quota),
|
|
|
|
|
_ram_alloc(env.pd(), _ram_guard, _cap_guard),
|
|
|
|
|
_alloc(_ram_alloc, env.rm()),
|
2017-01-04 15:27:42 +01:00
|
|
|
_process_packet_handler(env.ep(), *this, &Session_component::_process_packets),
|
2016-03-30 20:14:15 +02:00
|
|
|
_vfs(vfs),
|
2017-10-28 00:51:16 +02:00
|
|
|
_root_path(root_path),
|
2018-03-31 16:50:49 +02:00
|
|
|
_label(label),
|
2015-09-04 16:06:03 +02:00
|
|
|
_writable(writable)
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* Register '_process_packets' dispatch function as signal
|
|
|
|
|
* handler for packet-avail and ready-to-ack signals.
|
|
|
|
|
*/
|
2017-01-04 15:27:42 +01:00
|
|
|
_tx.sigh_packet_avail(_process_packet_handler);
|
|
|
|
|
_tx.sigh_ready_to_ack(_process_packet_handler);
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Destructor
|
|
|
|
|
*/
|
|
|
|
|
~Session_component()
|
|
|
|
|
{
|
2017-01-04 15:27:42 +01:00
|
|
|
while (_node_space.apply_any<Node>([&] (Node &node) {
|
|
|
|
|
_close(node); })) { }
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
|
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
/**
|
|
|
|
|
* Increase quotas
|
|
|
|
|
*/
|
|
|
|
|
void upgrade(Genode::Ram_quota ram) {
|
|
|
|
|
_ram_guard.upgrade(ram); }
|
|
|
|
|
void upgrade(Genode::Cap_quota caps) {
|
|
|
|
|
_cap_guard.upgrade(caps); }
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-08-15 20:51:53 +02:00
|
|
|
/*
|
|
|
|
|
* Called by the IO response handler for events which are not
|
|
|
|
|
* node-specific, for example after 'release_packet()' to signal
|
|
|
|
|
* that a previously failed 'alloc_packet()' may succeed now.
|
|
|
|
|
*/
|
2018-03-31 16:50:49 +02:00
|
|
|
void handle_general_io() {
|
|
|
|
|
_process_packets(); }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/********************************
|
|
|
|
|
** Node_io_handler interface **
|
|
|
|
|
********************************/
|
2017-08-15 20:51:53 +02:00
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
void handle_node_io(Io_node &node) override
|
2017-08-15 20:51:53 +02:00
|
|
|
{
|
2018-03-31 16:50:49 +02:00
|
|
|
if (!tx_sink()->ready_to_ack())
|
|
|
|
|
Genode::error(
|
|
|
|
|
"dropping I/O notfication, congested packet buffer to '", _label, "'");
|
|
|
|
|
|
2017-08-15 20:51:53 +02:00
|
|
|
if (node.notify_read_ready() && node.read_ready()
|
2017-02-12 10:58:27 +01:00
|
|
|
&& tx_sink()->ready_to_ack()) {
|
2017-02-01 21:07:14 +01:00
|
|
|
Packet_descriptor packet(Packet_descriptor(),
|
2017-08-15 20:51:53 +02:00
|
|
|
Node_handle { node.id().value },
|
2017-02-01 21:07:14 +01:00
|
|
|
Packet_descriptor::READ_READY,
|
|
|
|
|
0, 0);
|
2018-02-26 16:44:10 +01:00
|
|
|
packet.succeeded(true);
|
2017-02-01 21:07:14 +01:00
|
|
|
tx_sink()->acknowledge_packet(packet);
|
2017-08-15 20:51:53 +02:00
|
|
|
node.notify_read_ready(false);
|
2017-02-01 21:07:14 +01:00
|
|
|
}
|
|
|
|
|
_process_packets();
|
|
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
void handle_node_watch(Watch_node &node) override
|
|
|
|
|
{
|
|
|
|
|
if (!tx_sink()->ready_to_ack())
|
|
|
|
|
Genode::error(
|
|
|
|
|
"dropping watch notfication, congested packet buffer to '", _label, "'");
|
|
|
|
|
|
|
|
|
|
if (tx_sink()->ready_to_ack()) {
|
|
|
|
|
Packet_descriptor packet(Packet_descriptor(),
|
|
|
|
|
Node_handle { node.id().value },
|
|
|
|
|
Packet_descriptor::CONTENT_CHANGED,
|
|
|
|
|
0, 0);
|
|
|
|
|
tx_sink()->acknowledge_packet(packet);
|
|
|
|
|
}
|
|
|
|
|
_process_packets();
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
/***************************
|
|
|
|
|
** File_system interface **
|
|
|
|
|
***************************/
|
|
|
|
|
|
2016-03-30 20:14:15 +02:00
|
|
|
Dir_handle dir(File_system::Path const &path, bool create) override
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
2016-03-30 20:14:15 +02:00
|
|
|
if (create && (!_writable))
|
2015-09-04 16:06:03 +02:00
|
|
|
throw Permission_denied();
|
|
|
|
|
|
|
|
|
|
char const *path_str = path.string();
|
2017-09-28 18:20:03 +02:00
|
|
|
|
|
|
|
|
if (!strcmp(path_str, "/") && create)
|
|
|
|
|
throw Node_already_exists();
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
_assert_valid_path(path_str);
|
2017-10-28 00:51:16 +02:00
|
|
|
Vfs_server::Path fullpath(_root_path);
|
2017-10-24 04:59:14 +02:00
|
|
|
if (path_str[1] != '\0')
|
|
|
|
|
fullpath.append(path_str);
|
2016-03-30 20:14:15 +02:00
|
|
|
path_str = fullpath.base();
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2016-05-11 18:21:47 +02:00
|
|
|
if (!create && !_vfs.directory(path_str))
|
2016-03-30 20:14:15 +02:00
|
|
|
throw Lookup_failed();
|
|
|
|
|
|
|
|
|
|
Directory *dir;
|
2017-08-15 20:51:53 +02:00
|
|
|
try { dir = new (_alloc) Directory(_node_space, _vfs, _alloc,
|
2017-10-28 00:51:16 +02:00
|
|
|
*this, path_str, create); }
|
Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-07 22:03:22 +02:00
|
|
|
catch (Out_of_memory) { throw Out_of_ram(); }
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
return Dir_handle(dir->id().value);
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
File_handle file(Dir_handle dir_handle, Name const &name,
|
|
|
|
|
Mode fs_mode, bool create) override
|
|
|
|
|
{
|
2016-03-30 20:14:15 +02:00
|
|
|
if ((create || (fs_mode & WRITE_ONLY)) && (!_writable))
|
|
|
|
|
throw Permission_denied();
|
|
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
return _apply(dir_handle, [&] (Directory &dir) {
|
2017-01-04 15:27:42 +01:00
|
|
|
char const *name_str = name.string();
|
|
|
|
|
_assert_valid_name(name_str);
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
return File_handle {
|
2018-03-31 16:50:49 +02:00
|
|
|
dir.file(_node_space, _vfs, _alloc, name_str, fs_mode, create).value
|
2017-06-20 14:23:22 +02:00
|
|
|
};
|
2017-01-04 15:27:42 +01:00
|
|
|
});
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Symlink_handle symlink(Dir_handle dir_handle, Name const &name, bool create) override
|
|
|
|
|
{
|
|
|
|
|
if (create && !_writable) throw Permission_denied();
|
|
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
return _apply(dir_handle, [&] (Directory &dir) {
|
2017-01-04 15:27:42 +01:00
|
|
|
char const *name_str = name.string();
|
|
|
|
|
_assert_valid_name(name_str);
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
return Symlink_handle {dir.symlink(
|
2017-01-04 15:27:42 +01:00
|
|
|
_node_space, _vfs, _alloc, name_str,
|
2017-06-20 14:23:22 +02:00
|
|
|
_writable ? READ_WRITE : READ_ONLY, create).value
|
|
|
|
|
};
|
2017-01-04 15:27:42 +01:00
|
|
|
});
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2016-03-30 20:14:15 +02:00
|
|
|
Node_handle node(File_system::Path const &path) override
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
char const *path_str = path.string();
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
_assert_valid_path(path_str);
|
|
|
|
|
|
|
|
|
|
/* re-root the path */
|
2017-10-28 00:51:16 +02:00
|
|
|
Path sub_path(path_str+1, _root_path.base());
|
2015-09-04 16:06:03 +02:00
|
|
|
path_str = sub_path.base();
|
2016-03-30 20:14:15 +02:00
|
|
|
if (!_vfs.leaf_path(path_str))
|
|
|
|
|
throw Lookup_failed();
|
|
|
|
|
|
|
|
|
|
Node *node;
|
|
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
try { node = new (_alloc) Node(_node_space, path_str, *this); }
|
Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-07 22:03:22 +02:00
|
|
|
catch (Out_of_memory) { throw Out_of_ram(); }
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-06-20 14:23:22 +02:00
|
|
|
return Node_handle { node->id().value };
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
Watch_handle watch(File_system::Path const &path) override
|
|
|
|
|
{
|
|
|
|
|
char const *path_str = path.string();
|
|
|
|
|
|
|
|
|
|
_assert_valid_path(path_str);
|
|
|
|
|
|
|
|
|
|
/* re-root the path */
|
|
|
|
|
Path sub_path(path_str+1, _root_path.base());
|
|
|
|
|
path_str = sub_path.base();
|
|
|
|
|
|
|
|
|
|
Vfs::Vfs_watch_handle *vfs_handle = nullptr;
|
|
|
|
|
typedef Directory_service::Watch_result Result;
|
|
|
|
|
switch (_vfs.watch(path_str, &vfs_handle, _alloc)) {
|
|
|
|
|
case Result::WATCH_OK: break;
|
|
|
|
|
case Result::WATCH_ERR_UNACCESSIBLE:
|
|
|
|
|
throw Lookup_failed();
|
|
|
|
|
case Result::WATCH_ERR_STATIC:
|
|
|
|
|
throw Unavailable();
|
|
|
|
|
case Result::WATCH_ERR_OUT_OF_RAM:
|
|
|
|
|
throw Out_of_ram();
|
|
|
|
|
case Result::WATCH_ERR_OUT_OF_CAPS:
|
|
|
|
|
throw Out_of_caps();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Node *node;
|
|
|
|
|
try { node = new (_alloc)
|
|
|
|
|
Watch_node(_node_space, path_str, *vfs_handle, *this); }
|
|
|
|
|
catch (Out_of_memory) { throw Out_of_ram(); }
|
|
|
|
|
|
|
|
|
|
return Watch_handle { node->id().value };
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-30 20:14:15 +02:00
|
|
|
void close(Node_handle handle) override
|
|
|
|
|
{
|
2018-03-31 16:50:49 +02:00
|
|
|
try { _apply_node(handle, [&] (Node &node) {
|
2017-09-28 18:20:03 +02:00
|
|
|
_close(node);
|
2017-05-18 00:36:46 +02:00
|
|
|
}); } catch (File_system::Invalid_handle) { }
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2016-08-16 18:40:19 +02:00
|
|
|
Status status(Node_handle node_handle) override
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
File_system::Status fs_stat;
|
|
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
_apply_node(node_handle, [&] (Node &node) {
|
2017-01-04 15:27:42 +01:00
|
|
|
Directory_service::Stat vfs_stat;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
if (_vfs.stat(node.path(), vfs_stat) != Directory_service::STAT_OK)
|
2017-09-05 22:13:27 +02:00
|
|
|
throw Invalid_handle();
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
fs_stat.inode = vfs_stat.inode;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
switch (vfs_stat.mode & (
|
|
|
|
|
Directory_service::STAT_MODE_DIRECTORY |
|
|
|
|
|
Directory_service::STAT_MODE_SYMLINK |
|
|
|
|
|
File_system::Status::MODE_FILE)) {
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
case Directory_service::STAT_MODE_DIRECTORY:
|
|
|
|
|
fs_stat.mode = File_system::Status::MODE_DIRECTORY;
|
|
|
|
|
fs_stat.size = _vfs.num_dirent(node.path()) * sizeof(Directory_entry);
|
|
|
|
|
return;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
case Directory_service::STAT_MODE_SYMLINK:
|
|
|
|
|
fs_stat.mode = File_system::Status::MODE_SYMLINK;
|
|
|
|
|
break;
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
default: /* Directory_service::STAT_MODE_FILE */
|
|
|
|
|
fs_stat.mode = File_system::Status::MODE_FILE;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
fs_stat.size = vfs_stat.size;
|
|
|
|
|
});
|
2015-09-04 16:06:03 +02:00
|
|
|
return fs_stat;
|
|
|
|
|
}
|
|
|
|
|
|
2016-08-16 18:40:19 +02:00
|
|
|
void unlink(Dir_handle dir_handle, Name const &name) override
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
2016-03-30 20:14:15 +02:00
|
|
|
if (!_writable) throw Permission_denied();
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
_apply(dir_handle, [&] (Directory &dir) {
|
|
|
|
|
char const *name_str = name.string();
|
|
|
|
|
_assert_valid_name(name_str);
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
Path path(name_str, dir.path());
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
assert_unlink(_vfs.unlink(path.base()));
|
|
|
|
|
dir.mark_as_updated();
|
|
|
|
|
});
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
void truncate(File_handle file_handle, file_size_t size) override
|
|
|
|
|
{
|
2017-01-04 15:27:42 +01:00
|
|
|
_apply(file_handle, [&] (File &file) {
|
2017-02-01 21:07:14 +01:00
|
|
|
file.truncate(size); });
|
|
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
|
|
|
|
void move(Dir_handle from_dir_handle, Name const &from_name,
|
2016-08-16 18:40:19 +02:00
|
|
|
Dir_handle to_dir_handle, Name const &to_name) override
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
if (!_writable)
|
|
|
|
|
throw Permission_denied();
|
|
|
|
|
|
|
|
|
|
char const *from_str = from_name.string();
|
|
|
|
|
char const *to_str = to_name.string();
|
|
|
|
|
|
|
|
|
|
_assert_valid_name(from_str);
|
|
|
|
|
_assert_valid_name( to_str);
|
|
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
_apply(from_dir_handle, [&] (Directory &from_dir) {
|
|
|
|
|
_apply(to_dir_handle, [&] (Directory &to_dir) {
|
|
|
|
|
Path from_path(from_str, from_dir.path());
|
|
|
|
|
Path to_path( to_str, to_dir.path());
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
assert_rename(_vfs.rename(from_path.base(), to_path.base()));
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-01-04 15:27:42 +01:00
|
|
|
from_dir.mark_as_updated();
|
|
|
|
|
to_dir.mark_as_updated();
|
|
|
|
|
});
|
|
|
|
|
});
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2016-08-16 18:40:19 +02:00
|
|
|
void control(Node_handle, Control) override { }
|
2015-09-04 16:06:03 +02:00
|
|
|
};
|
|
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
/**
|
|
|
|
|
* Global vfs event handler
|
|
|
|
|
*/
|
|
|
|
|
struct Vfs_server::Event_response_handler : Vfs::Io_response_handler
|
2017-01-31 16:38:23 +01:00
|
|
|
{
|
2017-02-01 21:07:14 +01:00
|
|
|
Session_registry &_session_registry;
|
|
|
|
|
|
2017-08-15 20:51:53 +02:00
|
|
|
bool _in_progress { false };
|
|
|
|
|
bool _handle_general_io { false };
|
|
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
Event_response_handler(Session_registry &session_registry)
|
2017-02-01 21:07:14 +01:00
|
|
|
: _session_registry(session_registry) { }
|
|
|
|
|
|
|
|
|
|
void handle_io_response(Vfs::Vfs_handle::Context *context) override
|
2017-01-31 16:38:23 +01:00
|
|
|
{
|
2017-08-15 20:51:53 +02:00
|
|
|
if (_in_progress) {
|
|
|
|
|
/* called recursively, context is nullptr in this case */
|
|
|
|
|
_handle_general_io = true;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_in_progress = true;
|
|
|
|
|
|
Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
2017-12-21 15:42:15 +01:00
|
|
|
if (context)
|
2018-03-31 16:50:49 +02:00
|
|
|
Io_node::node_by_context(*context).handle_io_response();
|
2017-08-15 20:51:53 +02:00
|
|
|
else
|
|
|
|
|
_handle_general_io = true;
|
|
|
|
|
|
|
|
|
|
while (_handle_general_io) {
|
|
|
|
|
_handle_general_io = false;
|
|
|
|
|
_session_registry.for_each([ ] (Registered_session &r) {
|
|
|
|
|
r.handle_general_io();
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_in_progress = false;
|
2017-01-31 16:38:23 +01:00
|
|
|
}
|
2018-03-31 16:50:49 +02:00
|
|
|
|
|
|
|
|
void handle_watch_response(Vfs::Vfs_watch_handle::Context *context) override
|
|
|
|
|
{
|
|
|
|
|
if (context)
|
|
|
|
|
Watch_node::node_by_context(*context).handle_watch_response();
|
|
|
|
|
}
|
2017-01-31 16:38:23 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
2017-12-21 15:42:15 +01:00
|
|
|
class Vfs_server::Root : public Genode::Root_component<Session_component>
|
2015-09-04 16:06:03 +02:00
|
|
|
{
|
|
|
|
|
private:
|
|
|
|
|
|
2016-05-25 15:47:22 +02:00
|
|
|
Genode::Env &_env;
|
2017-10-28 00:51:16 +02:00
|
|
|
|
|
|
|
|
/* heap for internal VFS allocation */
|
|
|
|
|
Genode::Heap _vfs_heap { &_env.ram(), &_env.rm() };
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-01-30 16:41:05 +01:00
|
|
|
Genode::Attached_rom_dataspace _config_rom { _env, "config" };
|
|
|
|
|
|
|
|
|
|
Genode::Xml_node vfs_config()
|
|
|
|
|
{
|
|
|
|
|
try { return _config_rom.xml().sub_node("vfs"); }
|
|
|
|
|
catch (...) {
|
|
|
|
|
Genode::error("VFS not configured");
|
|
|
|
|
_env.parent().exit(~0);
|
|
|
|
|
throw;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Follow practices suggested by "Effective C++"
The patch adjust the code of the base, base-<kernel>, and os repository.
To adapt existing components to fix violations of the best practices
suggested by "Effective C++" as reported by the -Weffc++ compiler
argument. The changes follow the patterns outlined below:
* A class with virtual functions can no longer publicly inherit base
classed without a vtable. The inherited object may either be moved
to a member variable, or inherited privately. The latter would be
used for classes that inherit 'List::Element' or 'Avl_node'. In order
to enable the 'List' and 'Avl_tree' to access the meta data, the
'List' must become a friend.
* Instead of adding a virtual destructor to abstract base classes,
we inherit the new 'Interface' class, which contains a virtual
destructor. This way, single-line abstract base classes can stay
as compact as they are now. The 'Interface' utility resides in
base/include/util/interface.h.
* With the new warnings enabled, all member variables must be explicitly
initialized. Basic types may be initialized with '='. All other types
are initialized with braces '{ ... }' or as class initializers. If
basic types and non-basic types appear in a row, it is nice to only
use the brace syntax (also for basic types) and align the braces.
* If a class contains pointers as members, it must now also provide a
copy constructor and assignment operator. In the most cases, one
would make them private, effectively disallowing the objects to be
copied. Unfortunately, this warning cannot be fixed be inheriting
our existing 'Noncopyable' class (the compiler fails to detect that
the inheriting class cannot be copied and still gives the error).
For now, we have to manually add declarations for both the copy
constructor and assignment operator as private class members. Those
declarations should be prepended with a comment like this:
/*
* Noncopyable
*/
Thread(Thread const &);
Thread &operator = (Thread const &);
In the future, we should revisit these places and try to replace
the pointers with references. In the presence of at least one
reference member, the compiler would no longer implicitly generate
a copy constructor. So we could remove the manual declaration.
Issue #465
2017-12-21 15:42:15 +01:00
|
|
|
Session_registry _session_registry { };
|
2017-02-01 21:07:14 +01:00
|
|
|
|
2018-03-31 16:50:49 +02:00
|
|
|
Event_response_handler _response_handler { _session_registry };
|
2017-01-31 16:38:23 +01:00
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
Vfs::Global_file_system_factory _global_file_system_factory { _vfs_heap };
|
2017-02-16 10:10:23 +01:00
|
|
|
|
2017-01-31 16:38:23 +01:00
|
|
|
Vfs::Dir_file_system _vfs {
|
2018-03-31 16:50:49 +02:00
|
|
|
_env, _vfs_heap, vfs_config(), _response_handler,
|
2018-03-02 13:30:10 +01:00
|
|
|
_global_file_system_factory };
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
Genode::Signal_handler<Root> _config_handler {
|
2017-02-07 19:03:23 +01:00
|
|
|
_env.ep(), *this, &Root::_config_update };
|
|
|
|
|
|
|
|
|
|
void _config_update()
|
|
|
|
|
{
|
|
|
|
|
_config_rom.update();
|
|
|
|
|
_vfs.apply_config(vfs_config());
|
|
|
|
|
}
|
|
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
protected:
|
|
|
|
|
|
|
|
|
|
Session_component *_create_session(const char *args) override
|
|
|
|
|
{
|
2016-03-30 20:14:15 +02:00
|
|
|
using namespace Genode;
|
|
|
|
|
|
2017-01-30 16:41:05 +01:00
|
|
|
Session_label const label = label_from_args(args);
|
2016-03-30 20:14:15 +02:00
|
|
|
Path session_root;
|
2015-09-04 16:06:03 +02:00
|
|
|
bool writeable = false;
|
|
|
|
|
|
2017-01-30 16:41:05 +01:00
|
|
|
/*****************
|
|
|
|
|
** Quota check **
|
|
|
|
|
*****************/
|
|
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
auto const initial_ram_usage = _env.pd().used_ram().value;
|
|
|
|
|
auto const initial_cap_usage = _env.pd().used_caps().value;
|
|
|
|
|
|
|
|
|
|
auto const ram_quota = parse_ram_quota(args).value;
|
|
|
|
|
auto const cap_quota = parse_cap_quota(args).value;
|
|
|
|
|
|
2017-01-30 16:41:05 +01:00
|
|
|
size_t tx_buf_size =
|
|
|
|
|
Arg_string::find_arg(args, "tx_buf_size").aligned_size();
|
|
|
|
|
|
|
|
|
|
if (!tx_buf_size)
|
Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-07 22:03:22 +02:00
|
|
|
throw Service_denied();
|
2017-01-30 16:41:05 +01:00
|
|
|
|
|
|
|
|
size_t session_size =
|
|
|
|
|
max((size_t)4096, sizeof(Session_component)) +
|
|
|
|
|
tx_buf_size;
|
|
|
|
|
|
|
|
|
|
if (session_size > ram_quota) {
|
|
|
|
|
error("insufficient 'ram_quota' from '", label, "' "
|
|
|
|
|
"got ", ram_quota, ", need ", session_size);
|
2017-05-08 14:32:03 +02:00
|
|
|
throw Insufficient_ram_quota();
|
2017-01-30 16:41:05 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**************************
|
|
|
|
|
** Apply session policy **
|
|
|
|
|
**************************/
|
|
|
|
|
|
|
|
|
|
/* pull in policy changes */
|
|
|
|
|
_config_rom.update();
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2016-03-30 20:14:15 +02:00
|
|
|
char tmp[MAX_PATH_LEN];
|
2015-09-04 16:06:03 +02:00
|
|
|
try {
|
2017-01-30 16:41:05 +01:00
|
|
|
Session_policy policy(label, _config_rom.xml());
|
2015-09-04 16:06:03 +02:00
|
|
|
|
2017-04-03 19:24:19 +02:00
|
|
|
/* determine optional session root offset. */
|
2015-09-04 16:06:03 +02:00
|
|
|
try {
|
2016-03-30 20:14:15 +02:00
|
|
|
policy.attribute("root").value(tmp, sizeof(tmp));
|
|
|
|
|
session_root.import(tmp, "/");
|
2015-09-04 16:06:03 +02:00
|
|
|
} catch (Xml_node::Nonexistent_attribute) { }
|
|
|
|
|
|
2017-04-03 19:24:19 +02:00
|
|
|
/*
|
|
|
|
|
* Determine if the session is writeable.
|
|
|
|
|
* Policy overrides client argument, both default to false.
|
2015-09-04 16:06:03 +02:00
|
|
|
*/
|
|
|
|
|
if (policy.attribute_value("writeable", false))
|
|
|
|
|
writeable = Arg_string::find_arg(args, "writeable").bool_value(false);
|
|
|
|
|
|
2017-04-03 19:24:19 +02:00
|
|
|
} catch (Session_policy::No_policy_defined) {
|
|
|
|
|
/* missing policy - deny request */
|
Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-07 22:03:22 +02:00
|
|
|
throw Service_denied();
|
2017-04-03 19:24:19 +02:00
|
|
|
}
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-04-03 19:24:19 +02:00
|
|
|
/* apply client's root offset. */
|
2016-03-30 20:14:15 +02:00
|
|
|
Arg_string::find_arg(args, "root").string(tmp, sizeof(tmp), "/");
|
|
|
|
|
if (Genode::strcmp("/", tmp, sizeof(tmp))) {
|
|
|
|
|
session_root.append("/");
|
|
|
|
|
session_root.append(tmp);
|
2017-05-18 00:36:46 +02:00
|
|
|
session_root.remove_trailing('/');
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* check if the session root exists */
|
2016-05-11 18:21:47 +02:00
|
|
|
if (!((session_root == "/") || _vfs.directory(session_root.base()))) {
|
2016-08-16 18:40:19 +02:00
|
|
|
error("session root '", session_root, "' not found for '", label, "'");
|
Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-07 22:03:22 +02:00
|
|
|
throw Service_denied();
|
2015-09-04 16:06:03 +02:00
|
|
|
}
|
|
|
|
|
|
2017-02-01 21:07:14 +01:00
|
|
|
Session_component *session = new (md_alloc())
|
2018-03-31 16:50:49 +02:00
|
|
|
Registered_session(_session_registry, _env, label.string(),
|
2017-10-28 00:51:16 +02:00
|
|
|
Genode::Ram_quota{ram_quota},
|
|
|
|
|
Genode::Cap_quota{cap_quota},
|
|
|
|
|
tx_buf_size, _vfs,
|
2017-02-01 21:07:14 +01:00
|
|
|
session_root.base(), writeable);
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2017-10-28 00:51:16 +02:00
|
|
|
auto ram_used = _env.pd().used_ram().value - initial_ram_usage;
|
|
|
|
|
auto cap_used = _env.pd().used_caps().value - initial_cap_usage;
|
|
|
|
|
|
|
|
|
|
if ((ram_used > ram_quota) || (cap_used > cap_quota)) {
|
|
|
|
|
if (ram_used > ram_quota)
|
2017-12-05 15:10:34 +01:00
|
|
|
Genode::warning("ram donation is ", ram_quota,
|
|
|
|
|
" but used RAM is ", ram_used, "B"
|
|
|
|
|
", '", label, "'");
|
2017-10-28 00:51:16 +02:00
|
|
|
if (cap_used > cap_quota)
|
2017-12-05 15:10:34 +01:00
|
|
|
Genode::warning("cap donation is ", cap_quota,
|
|
|
|
|
" but used caps is ", cap_used,
|
|
|
|
|
", '", label, "'");
|
2017-10-28 00:51:16 +02:00
|
|
|
}
|
|
|
|
|
|
2016-08-16 18:40:19 +02:00
|
|
|
Genode::log("session opened for '", label, "' at '", session_root, "'");
|
2015-09-04 16:06:03 +02:00
|
|
|
return session;
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-30 20:14:15 +02:00
|
|
|
void _upgrade_session(Session_component *session,
|
2017-10-28 00:51:16 +02:00
|
|
|
char const *args) override
|
|
|
|
|
{
|
|
|
|
|
Genode::Ram_quota more_ram = parse_ram_quota(args);
|
|
|
|
|
Genode::Cap_quota more_caps = parse_cap_quota(args);
|
|
|
|
|
|
|
|
|
|
if (more_ram.value > 0)
|
|
|
|
|
session->upgrade(more_ram);
|
|
|
|
|
if (more_caps.value > 0)
|
|
|
|
|
session->upgrade(more_caps);
|
|
|
|
|
}
|
2016-03-30 20:14:15 +02:00
|
|
|
|
2015-09-04 16:06:03 +02:00
|
|
|
public:
|
|
|
|
|
|
2016-05-25 15:47:22 +02:00
|
|
|
Root(Genode::Env &env, Genode::Allocator &md_alloc)
|
2015-09-04 16:06:03 +02:00
|
|
|
:
|
2016-05-25 15:47:22 +02:00
|
|
|
Root_component<Session_component>(&env.ep().rpc_ep(), &md_alloc),
|
|
|
|
|
_env(env)
|
|
|
|
|
{
|
2017-10-28 00:51:16 +02:00
|
|
|
_config_rom.sigh(_config_handler);
|
2016-05-25 15:47:22 +02:00
|
|
|
env.parent().announce(env.ep().manage(*this));
|
|
|
|
|
}
|
2015-09-04 16:06:03 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2016-05-25 15:47:22 +02:00
|
|
|
void Component::construct(Genode::Env &env)
|
2016-03-30 20:14:15 +02:00
|
|
|
{
|
2016-05-25 15:47:22 +02:00
|
|
|
static Genode::Sliced_heap sliced_heap { &env.ram(), &env.rm() };
|
|
|
|
|
|
|
|
|
|
static Vfs_server::Root root { env, sliced_heap };
|
2016-03-30 20:14:15 +02:00
|
|
|
}
|
