2012-01-25 20:04:42 +01:00
|
|
|
/*
|
|
|
|
|
* \brief Convenience helper for running a service as child process
|
|
|
|
|
* \author Norman Feske
|
|
|
|
|
* \author Christian Helmuth
|
|
|
|
|
* \date 2012-01-25
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
2013-01-10 21:44:47 +01:00
|
|
|
* Copyright (C) 2012-2013 Genode Labs GmbH
|
2012-01-25 20:04:42 +01:00
|
|
|
*
|
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
|
|
|
* under the terms of the GNU General Public License version 2.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#ifndef _INCLUDE__OS__SLAVE_H_
|
|
|
|
|
#define _INCLUDE__OS__SLAVE_H_
|
|
|
|
|
|
|
|
|
|
/* Genode includes */
|
|
|
|
|
#include <base/rpc_server.h>
|
|
|
|
|
#include <base/child.h>
|
|
|
|
|
#include <init/child_policy.h>
|
|
|
|
|
#include <ram_session/connection.h>
|
|
|
|
|
#include <cpu_session/connection.h>
|
|
|
|
|
#include <rm_session/connection.h>
|
2015-05-05 08:50:16 +02:00
|
|
|
#include <pd_session/connection.h>
|
Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-04 17:07:19 +02:00
|
|
|
#include <os/child_policy_dynamic_rom.h>
|
2012-01-25 20:04:42 +01:00
|
|
|
|
|
|
|
|
namespace Genode {
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
class Slave_policy;
|
|
|
|
|
class Slave;
|
|
|
|
|
}
|
2012-01-25 20:04:42 +01:00
|
|
|
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
/**
|
|
|
|
|
* Slave-policy class
|
|
|
|
|
*
|
|
|
|
|
* This class provides a convenience policy for single-service slaves using a
|
|
|
|
|
* white list of parent services.
|
|
|
|
|
*/
|
|
|
|
|
class Genode::Slave_policy : public Genode::Child_policy
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Return white list of services the slave is permitted to use
|
|
|
|
|
*
|
2015-03-20 17:50:41 +01:00
|
|
|
* The list is terminated via a null pointer.
|
2015-03-04 21:12:14 +01:00
|
|
|
*/
|
|
|
|
|
virtual char const **_permitted_services() const = 0;
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
|
|
|
|
|
char const *_label;
|
|
|
|
|
Genode::Service_registry _parent_services;
|
|
|
|
|
Genode::Rpc_entrypoint &_entrypoint;
|
|
|
|
|
Genode::Rom_connection _binary_rom;
|
|
|
|
|
Init::Child_policy_enforce_labeling _labeling_policy;
|
|
|
|
|
Init::Child_policy_provide_rom_file _binary_policy;
|
|
|
|
|
Genode::Child_policy_dynamic_rom_file _config_policy;
|
|
|
|
|
|
|
|
|
|
bool _service_permitted(const char *service_name)
|
|
|
|
|
{
|
|
|
|
|
for (const char **s = _permitted_services(); *s; ++s)
|
|
|
|
|
if (!Genode::strcmp(service_name, *s))
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Slave-policy constructor
|
|
|
|
|
*
|
|
|
|
|
* \param label name of the program to start
|
|
|
|
|
* \param entrypoint entrypoint used to provide local services
|
|
|
|
|
* such as the config ROM service
|
|
|
|
|
* \param ram RAM session used for buffering config data
|
|
|
|
|
*
|
|
|
|
|
* If 'ram' is set to 0, no configuration can be supplied to the
|
|
|
|
|
* slave.
|
|
|
|
|
*/
|
|
|
|
|
Slave_policy(const char *label,
|
|
|
|
|
Genode::Rpc_entrypoint &entrypoint,
|
2016-01-08 18:07:09 +01:00
|
|
|
Genode::Ram_session *ram = 0,
|
|
|
|
|
const char *binary = nullptr)
|
2015-03-04 21:12:14 +01:00
|
|
|
:
|
|
|
|
|
_label(label),
|
|
|
|
|
_entrypoint(entrypoint),
|
2016-01-08 18:07:09 +01:00
|
|
|
_binary_rom(binary ? binary : _label, _label),
|
2015-03-04 21:12:14 +01:00
|
|
|
_labeling_policy(_label),
|
|
|
|
|
_binary_policy("binary", _binary_rom.dataspace(), &_entrypoint),
|
|
|
|
|
_config_policy("config", _entrypoint, ram)
|
|
|
|
|
{ }
|
|
|
|
|
|
|
|
|
|
Genode::Dataspace_capability binary() { return _binary_rom.dataspace(); }
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Assign new configuration to slave
|
|
|
|
|
*/
|
|
|
|
|
void configure(char const *config)
|
|
|
|
|
{
|
|
|
|
|
_config_policy.load(config, Genode::strlen(config) + 1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void configure(char const *config, size_t len)
|
|
|
|
|
{
|
|
|
|
|
_config_policy.load(config, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/****************************
|
|
|
|
|
** Child_policy interface **
|
|
|
|
|
****************************/
|
|
|
|
|
|
|
|
|
|
const char *name() const { return _label; }
|
|
|
|
|
|
|
|
|
|
Genode::Service *resolve_session_request(const char *service_name,
|
|
|
|
|
const char *args)
|
|
|
|
|
{
|
|
|
|
|
Genode::Service *service = 0;
|
|
|
|
|
|
|
|
|
|
/* check for binary file request */
|
|
|
|
|
if ((service = _binary_policy.resolve_session_request(service_name, args)))
|
|
|
|
|
return service;
|
|
|
|
|
|
|
|
|
|
/* check for config file request */
|
|
|
|
|
if ((service = _config_policy.resolve_session_request(service_name, args)))
|
|
|
|
|
return service;
|
|
|
|
|
|
|
|
|
|
if (!_service_permitted(service_name)) {
|
|
|
|
|
PERR("%s: illegal session request of service \"%s\"",
|
|
|
|
|
name(), service_name);
|
|
|
|
|
return 0;
|
Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-04 17:07:19 +02:00
|
|
|
}
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
/* fill parent service registry on demand */
|
|
|
|
|
if (!(service = _parent_services.find(service_name))) {
|
|
|
|
|
service = new (Genode::env()->heap())
|
|
|
|
|
Genode::Parent_service(service_name);
|
|
|
|
|
_parent_services.insert(service);
|
2014-06-25 18:12:45 +02:00
|
|
|
}
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
/* return parent service */
|
|
|
|
|
return service;
|
|
|
|
|
}
|
2012-01-25 20:04:42 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
void filter_session_args(const char *service,
|
|
|
|
|
char *args, Genode::size_t args_len)
|
|
|
|
|
{
|
|
|
|
|
_labeling_policy.filter_session_args(service, args, args_len);
|
|
|
|
|
}
|
|
|
|
|
};
|
2012-01-25 20:04:42 +01:00
|
|
|
|
|
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
class Genode::Slave
|
|
|
|
|
{
|
|
|
|
|
private:
|
|
|
|
|
|
|
|
|
|
struct Resources
|
|
|
|
|
{
|
2015-05-05 08:50:16 +02:00
|
|
|
Genode::Pd_connection pd;
|
2015-03-04 21:12:14 +01:00
|
|
|
Genode::Ram_connection ram;
|
|
|
|
|
Genode::Cpu_connection cpu;
|
|
|
|
|
Genode::Rm_connection rm;
|
2012-01-25 20:04:42 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
class Quota_exceeded : public Genode::Exception { };
|
|
|
|
|
|
2015-11-16 10:51:03 +01:00
|
|
|
Resources(const char *label, Genode::size_t ram_quota,
|
|
|
|
|
Ram_session_capability ram_ref_cap)
|
2015-05-05 08:50:16 +02:00
|
|
|
: pd(label), ram(label), cpu(label)
|
2012-01-25 20:04:42 +01:00
|
|
|
{
|
2015-11-16 10:51:03 +01:00
|
|
|
ram.ref_account(ram_ref_cap);
|
|
|
|
|
Ram_session_client ram_ref(ram_ref_cap);
|
|
|
|
|
|
|
|
|
|
if (ram_ref.transfer_quota(ram.cap(), ram_quota))
|
2015-03-04 21:12:14 +01:00
|
|
|
throw Quota_exceeded();
|
2012-01-25 20:04:42 +01:00
|
|
|
}
|
2015-03-04 21:12:14 +01:00
|
|
|
};
|
2012-01-25 20:04:42 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
Resources _resources;
|
|
|
|
|
Genode::Child _child;
|
2012-01-25 20:04:42 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
public:
|
2012-01-25 20:04:42 +01:00
|
|
|
|
2015-03-04 21:12:14 +01:00
|
|
|
Slave(Genode::Rpc_entrypoint &entrypoint,
|
|
|
|
|
Slave_policy &slave_policy,
|
2015-11-16 10:51:03 +01:00
|
|
|
Genode::size_t ram_quota,
|
|
|
|
|
Ram_session_capability ram_ref_cap = env()->ram_session_cap())
|
2015-03-04 21:12:14 +01:00
|
|
|
:
|
2015-11-16 10:51:03 +01:00
|
|
|
_resources(slave_policy.name(), ram_quota, ram_ref_cap),
|
2015-05-05 08:50:16 +02:00
|
|
|
_child(slave_policy.binary(), _resources.pd.cap(),
|
2015-03-04 21:12:14 +01:00
|
|
|
_resources.ram.cap(), _resources.cpu.cap(),
|
|
|
|
|
_resources.rm.cap(), &entrypoint, &slave_policy)
|
|
|
|
|
{ }
|
|
|
|
|
|
|
|
|
|
Genode::Ram_connection &ram() { return _resources.ram; }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/***************************************
|
|
|
|
|
** Wrappers of the 'Child' interface **
|
|
|
|
|
***************************************/
|
|
|
|
|
|
|
|
|
|
void yield(Genode::Parent::Resource_args const &args) {
|
|
|
|
|
_child.yield(args); }
|
|
|
|
|
|
|
|
|
|
void notify_resource_avail() const {
|
|
|
|
|
_child.notify_resource_avail(); }
|
|
|
|
|
};
|
2012-01-25 20:04:42 +01:00
|
|
|
|
|
|
|
|
#endif /* _INCLUDE__OS__SLAVE_H_ */
|
