ehmry/genode
ehmry/genode
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c6f3dfc3ec
genode/repos/ports/src/noux/child_policy.h

219 lines
7.1 KiB
C
Raw Normal View History

Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
/*
* \brief Noux child policy
* \author Norman Feske
* \date 2012-02-25
*/
/*
Adjust file headers to refer to the AGPLv3
2017-02-20 13:23:52 +01:00
* Copyright (C) 2012-2017 Genode Labs GmbH
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
*
* This file is part of the Genode OS framework, which is distributed
Adjust file headers to refer to the AGPLv3
2017-02-20 13:23:52 +01:00
* under the terms of the GNU Affero General Public License version 3.
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
*/
#ifndef _NOUX__CHILD_POLICY_H_
#define _NOUX__CHILD_POLICY_H_
/* Genode includes */
#include <init/child_policy.h>
/* Noux includes */
#include <family_member.h>
Noux: POSIX signal improvements - 'kill()' syscall added - 'wait()' gets unblocked when a signal occurs - syscalls can get called from a signal handler without corrupting the 'sysio' object - the child's exit status gets correctly reported to 'wait()' - SIGCHLD gets ignored by default - pending signals survive 'execve()' Fixes #1035.
2014-01-23 17:21:35 +01:00
#include <parent_exit.h>
Noux: close all file descriptors on child exit With this patch, when a child exits, all of its open file descriptors get closed immediately. This is necessary to unblock the parent if it is trying to read from a pipe (connected to the child) before calling 'wait4()'. Fixes #357.
2012-09-14 16:46:51 +02:00
#include <file_descriptor_registry.h>
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
#include <empty_rom_service.h>
noux: Keep track of how dataspaces are used This patch eliminates the "no attachment at..." warnings, which were caused by a use-after-free problem of dataspaces. When a dataspace was destroyed, the users of the dataspace were not informed and therefore could not revert possible attachments to RM sessions. The fix introduces a callback mechanism that allows dataspace users (i.e., RM regions) to register for the event that a dataspace vanishes. The following types of dataspaces are handled: * RAM dataspaces * ROM dataspaces * The process binary * The binary of the dynamic linker * Args dataspace * Sysio dataspace * Env dataspace * managed RM dataspaces The handling of ROM dataspaces is still not complete. When forking, the ROM dataspace of the parent process gets just reused without creating proper meta data ('Dataspace_info') for the forked process. Similar issues might arise from other special dataspaces (e.g., args, env, sysio). This patch removes all "no attachment at..." warnings except for one (an attachment at 0). Issue #485
2013-07-18 16:27:42 +02:00
#include <local_rom_service.h>
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
namespace Noux {
Adapt high-level components to new parent API This patch adjusts the various users of the 'Child' API to the changes on the account of the new non-blocking parent interface. It also removes the use of the no-longer-available 'Connection::KEEP_OPEN' feature. With the adjustment, we took the opportunity to redesign several components to fit the non-blocking execution model much better, in particular the demo applications. Issue #2120
2016-11-23 17:07:49 +01:00
typedef Registered<Genode::Parent_service> Parent_service;
typedef Registry<Parent_service> Parent_services;
typedef Local_service<Pd_session_component> Pd_service;
typedef Local_service<Cpu_session_component> Cpu_service;
typedef Local_service<Rpc_object<Session> > Noux_service;
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
class Child_policy;
}
Adapt high-level components to new parent API This patch adjusts the various users of the 'Child' API to the changes on the account of the new non-blocking parent interface. It also removes the use of the no-longer-available 'Connection::KEEP_OPEN' feature. With the adjustment, we took the opportunity to redesign several components to fit the non-blocking execution model much better, in particular the demo applications. Issue #2120
2016-11-23 17:07:49 +01:00
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
class Noux::Child_policy : public Genode::Child_policy
{
private:
noux: enable strict warnings
2019-01-18 16:18:19 +01:00
/**
* Noncopyable
*/
Child_policy(Child_policy const &);
Child_policy &operator = (Child_policy const &);
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Name const _name;
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
bool _forked;
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Init::Child_policy_provide_rom_file _args_policy;
Init::Child_policy_provide_rom_file _env_policy;
Init::Child_policy_provide_rom_file _config_policy;
Pd_service &_pd_service;
Cpu_service &_cpu_service;
Noux_service &_noux_service;
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
Empty_rom_service &_empty_rom_service;
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Local_rom_service &_rom_service;
Parent_services &_parent_services;
Family_member &_family_member;
Parent_exit *_parent_exit;
File_descriptor_registry &_file_descriptor_registry;
Signal_context_capability _destruct_context_cap;
Capability quota accounting and trading This patch mirrors the accounting and trading scheme that Genode employs for physical memory to the accounting of capability allocations. Capability quotas must now be explicitly assigned to subsystems by specifying a 'caps=<amount>' attribute to init's start nodes. Analogously to RAM quotas, cap quotas can be traded between clients and servers as part of the session protocol. The capability budget of each component is maintained by the component's corresponding PD session at core. At the current stage, the accounting is applied to RPC capabilities, signal-context capabilities, and dataspace capabilities. Capabilities that are dynamically allocated via core's CPU and TRACE service are not yet covered. Also, the capabilities allocated by resource multiplexers outside of core (like nitpicker) must be accounted by the respective servers, which is not covered yet. If a component runs out of capabilities, core's PD service prints a warning to the log. To observe the consumption of capabilities per component in detail, the PD service is equipped with a diagnostic mode, which can be enabled via the 'diag' attribute in the target node of init's routing rules. E.g., the following route enables the diagnostic mode for the PD session of the "timer" component: <default-route> <service name="PD" unscoped_label="timer"> <parent diag="yes"/> </service> ... </default-route> For subsystems based on a sub-init instance, init can be configured to report the capability-quota information of its subsystems by adding the attribute 'child_caps="yes"' to init's '<report>' config node. Init's own capability quota can be reported by adding the attribute 'init_caps="yes"'. Fixes #2398
2017-05-08 21:35:43 +02:00
Pd_session &_ref_pd;
Pd_session_capability _ref_pd_cap;
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
int _exit_value;
bool _verbose;
template <typename T>
static Genode::Service *_find_service(Genode::Registry<T> &services,
Genode::Service::Name const &name)
{
Genode::Service *service = nullptr;
services.for_each([&] (T &s) {
if (!service && (s.name() == name))
service = &s; });
return service;
}
noux: remove use of deprecated APIs Issue #1987
2019-01-21 09:27:19 +01:00
/**
* Find suitable service for a given session request
*
* \throw Service_denied
*/
Service &_matching_service(Service::Name const &service_name,
Session_label const &label)
{
/*
* Route initial ROM requests (binary and linker) of a forked child
* to the empty ROM service, since the ROMs are already attached in
* the replayed region map.
*/
if (_forked && (service_name == Genode::Rom_session::service_name())) {
if (label.last_element() == name()) return _empty_rom_service;
if (label.last_element() == linker_name()) return _empty_rom_service;
}
Genode::Service *service = nullptr;
/* check for local ROM requests */
if ((service = _args_policy .resolve_session_request_with_label(service_name, label))
|| (service = _env_policy .resolve_session_request_with_label(service_name, label))
|| (service = _config_policy.resolve_session_request_with_label(service_name, label)))
return *service;
/* check for local services */
if (service_name == Genode::Cpu_session::service_name()) return _cpu_service;
if (service_name == Genode::Rom_session::service_name()) return _rom_service;
if (service_name == Genode::Pd_session::service_name()) return _pd_service;
if (service_name == Noux::Session::service_name()) return _noux_service;
/* check for parent services */
if ((service = _find_service(_parent_services, service_name)))
return *service;
throw Service_denied();
}
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
public:
Child_policy(Name const &name,
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
bool forked,
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Dataspace_capability args_ds,
Dataspace_capability env_ds,
Dataspace_capability config_ds,
Rpc_entrypoint &entrypoint,
Pd_service &pd_service,
Cpu_service &cpu_service,
Noux_service &noux_service,
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
Empty_rom_service &empty_rom_service,
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Local_rom_service &rom_service,
Parent_services &parent_services,
Family_member &family_member,
Parent_exit *parent_exit,
File_descriptor_registry &file_descriptor_registry,
Signal_context_capability destruct_context_cap,
Capability quota accounting and trading This patch mirrors the accounting and trading scheme that Genode employs for physical memory to the accounting of capability allocations. Capability quotas must now be explicitly assigned to subsystems by specifying a 'caps=<amount>' attribute to init's start nodes. Analogously to RAM quotas, cap quotas can be traded between clients and servers as part of the session protocol. The capability budget of each component is maintained by the component's corresponding PD session at core. At the current stage, the accounting is applied to RPC capabilities, signal-context capabilities, and dataspace capabilities. Capabilities that are dynamically allocated via core's CPU and TRACE service are not yet covered. Also, the capabilities allocated by resource multiplexers outside of core (like nitpicker) must be accounted by the respective servers, which is not covered yet. If a component runs out of capabilities, core's PD service prints a warning to the log. To observe the consumption of capabilities per component in detail, the PD service is equipped with a diagnostic mode, which can be enabled via the 'diag' attribute in the target node of init's routing rules. E.g., the following route enables the diagnostic mode for the PD session of the "timer" component: <default-route> <service name="PD" unscoped_label="timer"> <parent diag="yes"/> </service> ... </default-route> For subsystems based on a sub-init instance, init can be configured to report the capability-quota information of its subsystems by adding the attribute 'child_caps="yes"' to init's '<report>' config node. Init's own capability quota can be reported by adding the attribute 'init_caps="yes"'. Fixes #2398
2017-05-08 21:35:43 +02:00
Pd_session &ref_pd,
Pd_session_capability ref_pd_cap,
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
bool verbose)
:
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
_name(name), _forked(forked),
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
_args_policy( "args", args_ds, &entrypoint),
_env_policy( "env", env_ds, &entrypoint),
_config_policy("config", config_ds, &entrypoint),
Integrate core's RAM service into the PD service Fixes #2407
2017-05-11 20:03:28 +02:00
_pd_service(pd_service),
_cpu_service(cpu_service),
_noux_service(noux_service),
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
_empty_rom_service(empty_rom_service),
Integrate core's RAM service into the PD service Fixes #2407
2017-05-11 20:03:28 +02:00
_rom_service(rom_service),
_parent_services(parent_services),
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
_family_member(family_member),
_parent_exit(parent_exit),
_file_descriptor_registry(file_descriptor_registry),
_destruct_context_cap(destruct_context_cap),
Integrate core's RAM service into the PD service Fixes #2407
2017-05-11 20:03:28 +02:00
_ref_pd (ref_pd), _ref_pd_cap (ref_pd_cap),
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
_exit_value(~0),
_verbose(verbose)
{ }
int exit_value() const { return _exit_value; }
/****************************
** Child policy interface **
****************************/
Noux: 'empty' ROM service for initial ROMs The initial ROMs (program and linker) are already attached to the region map of a forked process and don't need to be obtained again from an external ROM service when the 'Child' class asks for them. For the program image, the local Noux ROM service already returned an invalid dataspace capability, but not for the linker. Instead of adding another 'magic' ROM name for the local ROM service, this commit implements an 'empty' ROM service, which returns an invalid dataspace for the initial ROMs. Fixes #2272
2017-01-31 18:03:11 +01:00
Name name() const override { return _name; }
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Capability quota accounting and trading This patch mirrors the accounting and trading scheme that Genode employs for physical memory to the accounting of capability allocations. Capability quotas must now be explicitly assigned to subsystems by specifying a 'caps=<amount>' attribute to init's start nodes. Analogously to RAM quotas, cap quotas can be traded between clients and servers as part of the session protocol. The capability budget of each component is maintained by the component's corresponding PD session at core. At the current stage, the accounting is applied to RPC capabilities, signal-context capabilities, and dataspace capabilities. Capabilities that are dynamically allocated via core's CPU and TRACE service are not yet covered. Also, the capabilities allocated by resource multiplexers outside of core (like nitpicker) must be accounted by the respective servers, which is not covered yet. If a component runs out of capabilities, core's PD service prints a warning to the log. To observe the consumption of capabilities per component in detail, the PD service is equipped with a diagnostic mode, which can be enabled via the 'diag' attribute in the target node of init's routing rules. E.g., the following route enables the diagnostic mode for the PD session of the "timer" component: <default-route> <service name="PD" unscoped_label="timer"> <parent diag="yes"/> </service> ... </default-route> For subsystems based on a sub-init instance, init can be configured to report the capability-quota information of its subsystems by adding the attribute 'child_caps="yes"' to init's '<report>' config node. Init's own capability quota can be reported by adding the attribute 'init_caps="yes"'. Fixes #2398
2017-05-08 21:35:43 +02:00
Pd_session &ref_pd() override { return _ref_pd; }
Pd_session_capability ref_pd_cap() const override { return _ref_pd_cap; }
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
noux: enable strict warnings
2019-01-18 16:18:19 +01:00
void init(Pd_session &session, Pd_session_capability) override
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
{
Integrate core's RAM service into the PD service Fixes #2407
2017-05-11 20:03:28 +02:00
session.ref_account(_ref_pd_cap);
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
}
noux: remove use of deprecated APIs Issue #1987
2019-01-21 09:27:19 +01:00
Route resolve_session_request(Service::Name const &service_name,
Session_label const &label) override
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
{
noux: remove use of deprecated APIs Issue #1987
2019-01-21 09:27:19 +01:00
return Route { .service = _matching_service(service_name, label),
.label = label,
.diag = Session::Diag() };
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
}
void exit(int exit_value) override
{
_exit_value = exit_value;
if (_verbose || (exit_value != 0))
log("child ", _name, " exited with exit value ", exit_value);
/*
* Close all open file descriptors. This is necessary to unblock
* the parent if it is trying to read from a pipe (connected to
* the child) before calling 'wait4()'.
*/
_file_descriptor_registry.flush();
_family_member.exit(exit_value);
/* notify the parent */
if (_parent_exit)
_parent_exit->exit_child();
else {
/* handle exit of the init process */
Signal_transmitter(_destruct_context_cap).submit();
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
}
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
}
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
Region_map *address_space(Pd_session &pd) override
{
return &static_cast<Pd_session_component &>(pd).address_space_region_map();
}
base: rm first-class support for static binaries This patch removes the detection of statically linked executables from the base framework. It thereby fixes the corner cases encountered with Sculpt when obtaining the binaries of the runtime from the depot_rom service that is hosted within the runtime. Statically linked binaries and hybrid Linux/Genode (lx_hybrid) binaries can still be started by relabeling the ROM-session route of "ld.lib.so" to the binary name, pretending that the binary is the dynamic linker. This can be achieved via init's label rewriting mechanism: <route> <service name="ROM" unscoped_label="ld.lib.so"> <parent label="test-platform"/> </service> </route> However, as this is quite cryptic and would need to be applied for all lx_hybrid components, the patch adds a shortcut to init's configuration. One can simply add the 'ld="no"' attribute to the <start> node of the corresponding component: <start name="test-platform" ld="no"/> Fixes #2866
2018-07-04 18:48:04 +02:00
bool forked() const override { return _forked; }
noux: API transition This patch removes the dependency of the deprecated Genode API, fixes the coding style, and removes the "random" file system (superseded by the VFS plugin mechanism). Ref #1987
2017-01-06 12:12:39 +01:00
};
Handle lifetime of dynamic allocations in Noux
2012-02-25 20:41:59 +01:00
#endif /* _NOUX__CHILD_POLICY_H_ */
Reference in New Issue Copy Permalink