ehmry/genode
ehmry
/
genode
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
genode/base-linux/src/core/include/core_linux_syscalls.h

175 lines
3.8 KiB
C
Raw Normal View History

Linux: cleanup system-call bindings This patch simplifies the system call bindings. The common syscall bindings in 'src/platform/' have been reduced to the syscalls needed by non-core programs. The additional syscalls that are needed solely by core have been moved to 'src/core/include/core_linux_syscalls.h'. Furthermore, the resource path is not used outside of core anymore. Hence, we could get rid of the rpath library. The resource-path code has been moved to 'src/core/include/resource_path.h'. The IPC-related parts of 'src/platform' have been moved to the IPC library. So there is now a clean separation between low-level syscall bindings (in 'src/platform') and higher-level code. The code for the socket-descriptor registry is now located in the 'src/base/ipc/socket_descriptor_registry.h' header. The interface is separated from 'ipc.cc' because core needs to access the registry from outside the ipc library.
2012-08-10 16:35:57 +02:00
/*
* \brief Linux system calls that are used in core only
* \author Norman Feske
* \date 2012-08-10
*/
/*
* Copyright (C) 2011-2012 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
#ifndef _CORE__INCLUDE__CORE_LINUX_SYSCALLS_H_
#define _CORE__INCLUDE__CORE_LINUX_SYSCALLS_H_
/* basic Linux syscall bindings */
#include <linux_syscalls.h>
#include <sys/stat.h>
/*******************************************************
** Functions used by core's ram-session support code **
*******************************************************/
inline int lx_mkdir(char const *pathname, mode_t mode)
{
return lx_syscall(SYS_mkdir, pathname, mode);
}
inline int lx_ftruncate(int fd, unsigned long length)
{
return lx_syscall(SYS_ftruncate, fd, length);
}
inline int lx_unlink(const char *fname)
{
return lx_syscall(SYS_unlink, fname);
}
/*******************************************************
** Functions used by core's rom-session support code **
*******************************************************/
inline int lx_open(const char *pathname, int flags, mode_t mode = 0)
{
return lx_syscall(SYS_open, pathname, flags, mode);
}
inline int lx_stat(const char *path, struct stat64 *buf)
{
#ifdef _LP64
return lx_syscall(SYS_stat, path, buf);
#else
return lx_syscall(SYS_stat64, path, buf);
#endif
}
/**************************************
** Process creation and destruction **
**************************************/
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core.
2012-08-15 19:14:05 +02:00
inline int lx_execve(const char *filename, char *const argv[],
char *const envp[])
{
return lx_syscall(SYS_execve, filename, argv, envp);
}
Linux: cleanup system-call bindings This patch simplifies the system call bindings. The common syscall bindings in 'src/platform/' have been reduced to the syscalls needed by non-core programs. The additional syscalls that are needed solely by core have been moved to 'src/core/include/core_linux_syscalls.h'. Furthermore, the resource path is not used outside of core anymore. Hence, we could get rid of the rpath library. The resource-path code has been moved to 'src/core/include/resource_path.h'. The IPC-related parts of 'src/platform' have been moved to the IPC library. So there is now a clean separation between low-level syscall bindings (in 'src/platform') and higher-level code. The code for the socket-descriptor registry is now located in the 'src/base/ipc/socket_descriptor_registry.h' header. The interface is separated from 'ipc.cc' because core needs to access the registry from outside the ipc library.
2012-08-10 16:35:57 +02:00
/**
* Send signal to process
*
* This function is used by core to kill processes.
*/
inline int lx_kill(int pid, int signal)
{
return lx_syscall(SYS_kill, pid, signal);
}
Linux: move process creation into core Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core.
2012-08-15 19:14:05 +02:00
inline int lx_create_process(int (*entry)(void *), void *stack, void *arg)
{
int flags = CLONE_VFORK | SIGCHLD;
return lx_clone((int (*)(void *))entry, stack, flags, arg);
}
Add chroot support to core Since the recent move of the process creation into core, the original chroot trampoline mechanism implemented in 'os/src/app/chroot' does not work anymore. A process could simply escape the chroot environment by spawning a new process via core's PD service. Therefore, this patch moves the chroot support into core. So the chroot policy becomes mandatory part of the process creation. For each process created by core, core checks for 'root' argument of the PD session. If a path is present, core takes the precautions needed to execute the new process in the specified chroot environment. This conceptual change implies minor changes with respect to the Genode API and the configuration of the init process. The API changes are the enhancement of the 'Genode::Child' and 'Genode::Process' constructors to take the root path as argument. Init supports the specification of a chroot per process by specifying the new 'root' attribute to the '<start>' node of the process. In line with these changes, the 'Loader::Session::start' function has been enhanced with the additional (optional) root argument.
2012-10-24 16:27:26 +02:00
/*********************
** Chroot handling **
*********************/
inline int lx_chroot(const char *path)
{
return lx_syscall(SYS_chroot, path);
}
inline int lx_getcwd(char *dst, size_t dst_len)
{
return lx_syscall(SYS_getcwd, dst, dst_len);
}
inline int lx_bindmount(char const *source, char const *target)
{
enum { MS_BIND = 4096 };
return lx_syscall(SYS_mount, source, target, 0, MS_BIND, 0);
}
inline int lx_umount(char const *target)
{
return lx_syscall(SYS_umount, target);
}
Linux: cleanup system-call bindings This patch simplifies the system call bindings. The common syscall bindings in 'src/platform/' have been reduced to the syscalls needed by non-core programs. The additional syscalls that are needed solely by core have been moved to 'src/core/include/core_linux_syscalls.h'. Furthermore, the resource path is not used outside of core anymore. Hence, we could get rid of the rpath library. The resource-path code has been moved to 'src/core/include/resource_path.h'. The IPC-related parts of 'src/platform' have been moved to the IPC library. So there is now a clean separation between low-level syscall bindings (in 'src/platform') and higher-level code. The code for the socket-descriptor registry is now located in the 'src/base/ipc/socket_descriptor_registry.h' header. The interface is separated from 'ipc.cc' because core needs to access the registry from outside the ipc library.
2012-08-10 16:35:57 +02:00
/********************************************
** Communication over Unix-domain sockets **
********************************************/
#ifdef SYS_socketcall
inline int lx_socket(int domain, int type, int protocol)
{
unsigned long args[3] = { domain, type, protocol };
return lx_socketcall(SYS_SOCKET, args);
}
inline int lx_bind(int sockfd, const struct sockaddr *addr,
socklen_t addrlen)
{
unsigned long args[3] = { sockfd, (unsigned long)addr, addrlen };
return lx_socketcall(SYS_BIND, args);
}
inline int lx_connect(int sockfd, const struct sockaddr *serv_addr,
socklen_t addrlen)
{
unsigned long args[3] = { sockfd, (unsigned long)serv_addr, addrlen };
return lx_socketcall(SYS_CONNECT, args);
}
#else
inline int lx_socket(int domain, int type, int protocol)
{
return lx_syscall(SYS_socket, domain, type, protocol);
}
inline int lx_bind(int sockfd, const struct sockaddr *addr,
socklen_t addrlen)
{
return lx_syscall(SYS_bind, sockfd, addr, addrlen);
}
inline int lx_connect(int sockfd, const struct sockaddr *serv_addr,
socklen_t addrlen)
{
return lx_syscall(SYS_connect, sockfd, serv_addr, addrlen);
}
#endif /* SYS_socketcall */
#endif /* _CORE__INCLUDE__CORE_LINUX_SYSCALLS_H_ */