Genode Packages collection
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

sandbox.patch 9.4KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228
  1. commit 20abcefd185d72ecc55e87ff78f8f784d927653d
  2. Author: Emery Hemingway <ehmry@posteo.net>
  3. Date: Sat Apr 25 16:08:45 2020 +0530
  4. Init/sandbox: always route "ld.lib.so" ROM to parent
  5. A livelock may occur if init router the "ld.lib.so" ROM request of a
  6. child to another child, and the child providing the ROM interacts with
  7. Init during the creation of the session.
  8. diff --git a/repos/os/src/lib/sandbox/child.cc b/repos/os/src/lib/sandbox/child.cc
  9. index 5361665eac..fa09cca31a 100644
  10. --- a/repos/os/src/lib/sandbox/child.cc
  11. +++ b/repos/os/src/lib/sandbox/child.cc
  12. @@ -448,6 +448,8 @@ Sandbox::Child::Route
  13. Sandbox::Child::resolve_session_request(Service::Name const &service_name,
  14. Session_label const &label)
  15. {
  16. + auto no_filter = [] (Service &) -> bool { return false; };
  17. +
  18. /* check for "config" ROM request */
  19. if (service_name == Rom_session::service_name() &&
  20. label.last_element() == "config") {
  21. @@ -498,9 +500,20 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
  22. label == _unique_name && _unique_name != _binary_name)
  23. return resolve_session_request(service_name, _binary_name);
  24. - /* supply binary as dynamic linker if '<start ld="no">' */
  25. - if (!_use_ld && service_name == Rom_session::service_name() && label == "ld.lib.so")
  26. - return resolve_session_request(service_name, _binary_name);
  27. + /*
  28. + * Check for the "ld.lib.so" ROM request
  29. + */
  30. + if (service_name == Rom_session::service_name() && label == "ld.lib.so") {
  31. + if (_use_ld) {
  32. + /* forward request to parent */
  33. + return Route {
  34. + find_service(_parent_services, Rom_session::service_name(), no_filter),
  35. + Session_label("ld.lib.so"), Session::Diag { false} };
  36. + } else {
  37. + /* supply binary as dynamic linker if '<start ld="no">' */
  38. + return resolve_session_request(service_name, _binary_name);
  39. + }
  40. + }
  41. /* check for "session_requests" ROM request */
  42. if (service_name == Rom_session::service_name()
  43. @@ -541,8 +554,6 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
  44. Session::Diag const
  45. target_diag { target.attribute_value("diag", false) };
  46. - auto no_filter = [] (Service &) -> bool { return false; };
  47. -
  48. if (target.has_type("parent")) {
  49. try {
  50. commit ce74d9bb7740f14b362e72adcf8ac42e36693468
  51. Author: Emery Hemingway <ehmry@posteo.net>
  52. Date: Sat Apr 25 17:10:03 2020 +0530
  53. init/sandbox: <routes> support
  54. Apply routing rules to a child from a <routes> node at the top-level of
  55. a sandbox config, unless the corresponding start node has as <route>
  56. node. If neither are present routes are taken from <default-route> as a
  57. fallback.
  58. Unlike the <route> and <default-route> the <routes> rules are checked by
  59. labels prefixed by child name, so <routes> may contain child-specific
  60. rules.
  61. diff --git a/repos/os/src/lib/sandbox/child.cc b/repos/os/src/lib/sandbox/child.cc
  62. index fa09cca31a..85389474ef 100644
  63. --- a/repos/os/src/lib/sandbox/child.cc
  64. +++ b/repos/os/src/lib/sandbox/child.cc
  65. @@ -523,16 +523,21 @@ Sandbox::Child::resolve_session_request(Service::Name const &service_name,
  66. try {
  67. Xml_node route_node = _default_route_accessor.default_route();
  68. + route_node = _routes_accessor.routes(route_node);
  69. try {
  70. route_node = _start_node->xml().sub_node("route"); }
  71. catch (...) { }
  72. +
  73. Xml_node service_node = route_node.sub_node();
  74. + /* <routes> is processed with the "«child» -> " prefix */
  75. + bool skip_prefix = route_node.type() != "routes";
  76. +
  77. for (; ; service_node = service_node.next()) {
  78. bool service_wildcard = service_node.has_type("any-service");
  79. - if (!service_node_matches(service_node, label, name(), service_name))
  80. + if (!service_node_matches(service_node, label, name(), service_name, skip_prefix))
  81. continue;
  82. Xml_node target = service_node.sub_node();
  83. @@ -736,6 +741,7 @@ Sandbox::Child::Child(Env &env,
  84. Report_update_trigger &report_update_trigger,
  85. Xml_node start_node,
  86. Default_route_accessor &default_route_accessor,
  87. + Routes_accessor &routes_accessor,
  88. Default_caps_accessor &default_caps_accessor,
  89. Name_registry &name_registry,
  90. Ram_quota ram_limit,
  91. @@ -753,6 +759,7 @@ Sandbox::Child::Child(Env &env,
  92. _list_element(this),
  93. _start_node(_alloc, start_node),
  94. _default_route_accessor(default_route_accessor),
  95. + _routes_accessor(routes_accessor),
  96. _default_caps_accessor(default_caps_accessor),
  97. _ram_limit_accessor(ram_limit_accessor),
  98. _cap_limit_accessor(cap_limit_accessor),
  99. diff --git a/repos/os/src/lib/sandbox/child.h b/repos/os/src/lib/sandbox/child.h
  100. index 4dd2803417..8e84e9bf75 100644
  101. --- a/repos/os/src/lib/sandbox/child.h
  102. +++ b/repos/os/src/lib/sandbox/child.h
  103. @@ -52,6 +52,14 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
  104. struct Default_route_accessor : Interface { virtual Xml_node default_route() = 0; };
  105. struct Default_caps_accessor : Interface { virtual Cap_quota default_caps() = 0; };
  106. + struct Routes_accessor : Interface
  107. + {
  108. + virtual Xml_node routes(Xml_node _default)
  109. + {
  110. + return _default;
  111. + }
  112. + };
  113. +
  114. template <typename QUOTA>
  115. struct Resource_limit_accessor : Interface
  116. {
  117. @@ -98,6 +106,7 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
  118. bool const _use_ld = _start_node->xml().attribute_value("ld", true);
  119. Default_route_accessor &_default_route_accessor;
  120. + Routes_accessor &_routes_accessor;
  121. Default_caps_accessor &_default_caps_accessor;
  122. Ram_limit_accessor &_ram_limit_accessor;
  123. Cap_limit_accessor &_cap_limit_accessor;
  124. @@ -475,6 +484,7 @@ class Sandbox::Child : Child_policy, Routed_service::Wakeup
  125. Report_update_trigger &report_update_trigger,
  126. Xml_node start_node,
  127. Default_route_accessor &default_route_accessor,
  128. + Routes_accessor &route_accessor,
  129. Default_caps_accessor &default_caps_accessor,
  130. Name_registry &name_registry,
  131. Ram_quota ram_limit,
  132. diff --git a/repos/os/src/lib/sandbox/library.cc b/repos/os/src/lib/sandbox/library.cc
  133. index 28b60c491f..30d0f2dfc1 100644
  134. --- a/repos/os/src/lib/sandbox/library.cc
  135. +++ b/repos/os/src/lib/sandbox/library.cc
  136. @@ -23,6 +23,7 @@
  137. struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
  138. ::Sandbox::Child::Default_route_accessor,
  139. + ::Sandbox::Child::Routes_accessor,
  140. ::Sandbox::Child::Default_caps_accessor,
  141. ::Sandbox::Child::Ram_limit_accessor,
  142. ::Sandbox::Child::Cap_limit_accessor
  143. @@ -52,6 +53,8 @@ struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
  144. Constructible<Buffered_xml> _default_route { };
  145. + Constructible<Buffered_xml> _routes { };
  146. +
  147. Cap_quota _default_caps { 0 };
  148. unsigned _child_cnt = 0;
  149. @@ -140,6 +143,12 @@ struct Genode::Sandbox::Library : ::Sandbox::State_reporter::Producer,
  150. : Xml_node("<empty/>");
  151. }
  152. + /**
  153. + * Routes_accessor interface
  154. + */
  155. + Xml_node routes(Xml_node _default) override {
  156. + return _routes.constructed() ? _routes->xml() : _default; }
  157. +
  158. /**
  159. * Default_caps_accessor interface
  160. */
  161. @@ -314,6 +323,9 @@ void Genode::Sandbox::Library::apply_config(Xml_node const &config)
  162. _default_route.construct(_heap, config.sub_node("default-route")); }
  163. catch (...) { }
  164. + try { _routes.construct(_heap, config.sub_node("routes")); }
  165. + catch (...) { }
  166. +
  167. _default_caps = Cap_quota { 0 };
  168. try {
  169. _default_caps = Cap_quota { config.sub_node("default")
  170. @@ -404,7 +416,7 @@ void Genode::Sandbox::Library::apply_config(Xml_node const &config)
  171. Child &child = *new (_heap)
  172. Child(_env, _heap, *_verbose,
  173. Child::Id { ++_child_cnt }, _state_reporter,
  174. - start_node, *this, *this, _children,
  175. + start_node, *this, *this, *this, _children,
  176. Ram_quota { avail_ram.value - used_ram.value },
  177. Cap_quota { avail_caps.value - used_caps.value },
  178. *this, *this, prio_levels, affinity_space,
  179. diff --git a/repos/os/src/lib/sandbox/utils.h b/repos/os/src/lib/sandbox/utils.h
  180. index 7afcaebf00..36aab737f2 100644
  181. --- a/repos/os/src/lib/sandbox/utils.h
  182. +++ b/repos/os/src/lib/sandbox/utils.h
  183. @@ -59,7 +59,8 @@ namespace Sandbox {
  184. inline bool service_node_matches(Xml_node const service_node,
  185. Session_label const &label,
  186. Child_policy::Name const &child_name,
  187. - Service::Name const &service_name)
  188. + Service::Name const &service_name,
  189. + bool skip_child_prefix = true)
  190. {
  191. bool const service_matches =
  192. service_node.has_type("any-service") ||
  193. @@ -98,8 +99,9 @@ namespace Sandbox {
  194. if (!route_depends_on_child_provided_label)
  195. return true;
  196. - char const * const scoped_label = skip_label_prefix(
  197. - child_name.string(), label.string());
  198. + char const * const scoped_label = skip_child_prefix
  199. + ? skip_label_prefix(child_name.string(), label.string())
  200. + : label.string();
  201. if (!scoped_label)
  202. return false;