genode/repos/base-linux/include/linux_pd_session/client.h

/*
 * \brief  Client-side PD session interface
 * \author Norman Feske
 * \date   2012-08-15
 */

/*
 * Copyright (C) 2012-2013 Genode Labs GmbH
 *
 * This file is part of the Genode OS framework, which is distributed
 * under the terms of the GNU General Public License version 2.
 */

#ifndef _INCLUDE__LINUX_PD_SESSION__CLIENT_H_
#define _INCLUDE__LINUX_PD_SESSION__CLIENT_H_

#include <linux_pd_session/linux_pd_session.h>
#include <base/rpc_client.h>

namespace Genode { struct Linux_pd_session_client; }

struct Genode::Linux_pd_session_client : Rpc_client<Linux_pd_session>
{
	explicit Linux_pd_session_client(Capability<Linux_pd_session> session)
	: Rpc_client<Linux_pd_session>(session) { }

	int bind_thread(Thread_capability thread) override {
		return call<Rpc_bind_thread>(thread); }

	int assign_parent(Capability<Parent> parent) override {
		return call<Rpc_assign_parent>(parent); }

	bool assign_pci(addr_t pci_config_memory_address, uint16_t bdf) override {
		return call<Rpc_assign_pci>(pci_config_memory_address, bdf); }

	Signal_source_capability alloc_signal_source() override {
		return call<Rpc_alloc_signal_source>(); }

	void free_signal_source(Signal_source_capability cap) override {
		call<Rpc_free_signal_source>(cap); }

	Signal_context_capability alloc_context(Signal_source_capability source,
	                                        unsigned long imprint) override {
		return call<Rpc_alloc_context>(source, imprint); }

	void free_context(Signal_context_capability cap) override {
		call<Rpc_free_context>(cap); }

	void submit(Signal_context_capability receiver, unsigned cnt = 1) override {
		call<Rpc_submit>(receiver, cnt); }


	/*****************************
	 * Linux-specific extension **
	 *****************************/

	void start(Capability<Dataspace> binary) {
		call<Rpc_start>(binary); }
};

#endif /* _INCLUDE__LINUX_PD_SESSION__CLIENT_H_ */
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00			`/*`
			`* \brief Client-side PD session interface`
			`* \author Norman Feske`
			`* \date 2012-08-15`
			`*/`

			`/*`
Update copyright headers to 2013 2013-01-10 21:44:47 +01:00			`* Copyright (C) 2012-2013 Genode Labs GmbH`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00			`*`
			`* This file is part of the Genode OS framework, which is distributed`
			`* under the terms of the GNU General Public License version 2.`
			`*/`

			`#ifndef _INCLUDE__LINUX_PD_SESSION__CLIENT_H_`
			`#define _INCLUDE__LINUX_PD_SESSION__CLIENT_H_`

			`#include <linux_pd_session/linux_pd_session.h>`
			`#include <base/rpc_client.h>`

Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`namespace Genode { struct Linux_pd_session_client; }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`struct Genode::Linux_pd_session_client : Rpc_client<Linux_pd_session>`
			`{`
			`explicit Linux_pd_session_client(Capability<Linux_pd_session> session)`
			`: Rpc_client<Linux_pd_session>(session) { }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`int bind_thread(Thread_capability thread) override {`
			`return call<Rpc_bind_thread>(thread); }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`int assign_parent(Capability<Parent> parent) override {`
			`return call<Rpc_assign_parent>(parent); }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`bool assign_pci(addr_t pci_config_memory_address, uint16_t bdf) override {`
			`return call<Rpc_assign_pci>(pci_config_memory_address, bdf); }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`Signal_source_capability alloc_signal_source() override {`
			`return call<Rpc_alloc_signal_source>(); }`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
Integrate SIGNAL session into PD session This patch removes the SIGNAL service from core and moves its functionality to the PD session. Furthermore, it unifies the PD service implementation and terminology across the various base platforms. Issue #1841 2016-01-14 13:22:00 +01:00			`void free_signal_source(Signal_source_capability cap) override {`
			`call<Rpc_free_signal_source>(cap); }`

			`Signal_context_capability alloc_context(Signal_source_capability source,`
			`unsigned long imprint) override {`
			`return call<Rpc_alloc_context>(source, imprint); }`

			`void free_context(Signal_context_capability cap) override {`
			`call<Rpc_free_context>(cap); }`

			`void submit(Signal_context_capability receiver, unsigned cnt = 1) override {`
			`call<Rpc_submit>(receiver, cnt); }`


			`/*****************************`
			`* Linux-specific extension **`
			`*****************************/`

			`void start(Capability<Dataspace> binary) {`
			`call<Rpc_start>(binary); }`
			`};`
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core. 2012-08-15 19:14:05 +02:00
			`#endif /* _INCLUDE__LINUX_PD_SESSION__CLIENT_H_ */`