2011-12-22 15:19:25 +00:00
|
|
|
/*
|
|
|
|
* \brief Policy applied to all children of the init process
|
|
|
|
* \author Norman Feske
|
|
|
|
* \date 2010-04-29
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2013-01-10 20:44:47 +00:00
|
|
|
* Copyright (C) 2010-2013 Genode Labs GmbH
|
2011-12-22 15:19:25 +00:00
|
|
|
*
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
|
|
* under the terms of the GNU General Public License version 2.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef _INCLUDE__INIT__CHILD_POLICY_H_
|
|
|
|
#define _INCLUDE__INIT__CHILD_POLICY_H_
|
|
|
|
|
|
|
|
/* Genode includes */
|
|
|
|
#include <base/service.h>
|
|
|
|
#include <base/child.h>
|
|
|
|
#include <base/rpc_server.h>
|
|
|
|
#include <util/arg_string.h>
|
|
|
|
#include <rom_session/connection.h>
|
|
|
|
|
|
|
|
namespace Init {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Policy for prepending the child name to the 'label' argument
|
|
|
|
*
|
|
|
|
* By applying this policy, the identity of the child becomes imprinted
|
|
|
|
* with each session request.
|
|
|
|
*/
|
|
|
|
class Child_policy_enforce_labeling
|
|
|
|
{
|
|
|
|
const char *_name;
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
Child_policy_enforce_labeling(const char *name) : _name(name) { }
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Filter arguments of session request
|
|
|
|
*
|
|
|
|
* This function modifies the 'label' argument and leaves all other
|
|
|
|
* session arguments intact.
|
|
|
|
*/
|
|
|
|
void filter_session_args(const char *, char *args,
|
|
|
|
Genode::size_t args_len)
|
|
|
|
{
|
|
|
|
using namespace Genode;
|
|
|
|
|
|
|
|
char label_buf[Parent::Session_args::MAX_SIZE];
|
|
|
|
Arg_string::find_arg(args, "label").string(label_buf, sizeof(label_buf), "");
|
|
|
|
|
|
|
|
char value_buf[Parent::Session_args::MAX_SIZE];
|
|
|
|
Genode::snprintf(value_buf, sizeof(value_buf),
|
|
|
|
"\"%s%s%s\"",
|
|
|
|
_name,
|
|
|
|
Genode::strcmp(label_buf, "") == 0 ? "" : " -> ",
|
|
|
|
label_buf);
|
|
|
|
|
|
|
|
Arg_string::set_arg(args, args_len, "label", value_buf);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2012-10-24 14:27:26 +00:00
|
|
|
/**
|
2012-11-21 14:20:21 +00:00
|
|
|
* Policy for handling platform-specific PD-session arguments
|
2012-10-24 14:27:26 +00:00
|
|
|
*
|
2012-11-21 14:20:21 +00:00
|
|
|
* This policy is used onthe Linux base platform for prepending the chroot
|
|
|
|
* path of the child. By applying this policy, the chroot path of the child
|
|
|
|
* gets supplied to PD session requests.
|
2012-10-24 14:27:26 +00:00
|
|
|
*/
|
2012-11-21 14:20:21 +00:00
|
|
|
class Child_policy_pd_args
|
2012-10-24 14:27:26 +00:00
|
|
|
{
|
|
|
|
private:
|
|
|
|
|
2012-11-21 14:20:21 +00:00
|
|
|
Genode::Native_pd_args const *_pd_args;
|
2012-10-24 14:27:26 +00:00
|
|
|
|
|
|
|
public:
|
|
|
|
|
2012-11-21 14:20:21 +00:00
|
|
|
Child_policy_pd_args(Genode::Native_pd_args const *pd_args)
|
|
|
|
: _pd_args(pd_args) { }
|
2012-10-24 14:27:26 +00:00
|
|
|
|
|
|
|
void filter_session_args(const char *session, char *args,
|
2012-11-21 14:20:21 +00:00
|
|
|
Genode::size_t args_len);
|
2012-10-24 14:27:26 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
2011-12-22 15:19:25 +00:00
|
|
|
class Child_policy_handle_cpu_priorities
|
|
|
|
{
|
|
|
|
/* priority parameters */
|
|
|
|
long _prio_levels_log2;
|
|
|
|
long _priority;
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
Child_policy_handle_cpu_priorities(long prio_levels_log2, long priority)
|
|
|
|
: _prio_levels_log2(prio_levels_log2), _priority(priority) { }
|
|
|
|
|
|
|
|
void filter_session_args(const char *service, char *args, Genode::size_t args_len)
|
|
|
|
{
|
|
|
|
using namespace Genode;
|
|
|
|
|
|
|
|
/* intercept only CPU session requests to scale priorities */
|
|
|
|
if (Genode::strcmp(service, "CPU") || _prio_levels_log2 == 0)
|
|
|
|
return;
|
|
|
|
|
2014-11-03 13:07:59 +00:00
|
|
|
unsigned long priority = Arg_string::find_arg(args, "priority").long_value(0);
|
|
|
|
|
|
|
|
/* clamp priority value to valid range */
|
|
|
|
priority = min((unsigned)Cpu_session::PRIORITY_LIMIT - 1, priority);
|
2011-12-22 15:19:25 +00:00
|
|
|
|
|
|
|
long discarded_prio_lsb_bits_mask = (1 << _prio_levels_log2) - 1;
|
|
|
|
if (priority & discarded_prio_lsb_bits_mask) {
|
|
|
|
PWRN("priority band too small, losing least-significant priority bits");
|
|
|
|
}
|
|
|
|
priority >>= _prio_levels_log2;
|
|
|
|
|
|
|
|
/* assign child priority to the most significant priority bits */
|
|
|
|
priority |= _priority*(Cpu_session::PRIORITY_LIMIT >> _prio_levels_log2);
|
|
|
|
|
|
|
|
/* override priority when delegating the session request to the parent */
|
|
|
|
char value_buf[64];
|
|
|
|
Genode::snprintf(value_buf, sizeof(value_buf), "0x%lx", priority);
|
|
|
|
Arg_string::set_arg(args, args_len, "priority", value_buf);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
class Child_policy_provide_rom_file
|
|
|
|
{
|
|
|
|
private:
|
|
|
|
|
|
|
|
struct Local_rom_session_component : Genode::Rpc_object<Genode::Rom_session>
|
|
|
|
{
|
|
|
|
Genode::Dataspace_capability ds_cap;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*/
|
|
|
|
Local_rom_session_component(Genode::Dataspace_capability ds)
|
|
|
|
: ds_cap(ds) { }
|
|
|
|
|
|
|
|
|
|
|
|
/***************************
|
|
|
|
** ROM session interface **
|
|
|
|
***************************/
|
|
|
|
|
|
|
|
Genode::Rom_dataspace_capability dataspace() {
|
|
|
|
return Genode::static_cap_cast<Genode::Rom_dataspace>(ds_cap); }
|
|
|
|
|
Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-04 15:07:19 +00:00
|
|
|
void sigh(Genode::Signal_context_capability) { }
|
|
|
|
|
2011-12-22 15:19:25 +00:00
|
|
|
} _local_rom_session;
|
|
|
|
|
|
|
|
Genode::Rpc_entrypoint *_ep;
|
|
|
|
Genode::Rom_session_capability _rom_session_cap;
|
|
|
|
|
|
|
|
enum { FILENAME_MAX_LEN = 32 };
|
|
|
|
char _filename[FILENAME_MAX_LEN];
|
|
|
|
|
|
|
|
struct Local_rom_service : public Genode::Service
|
|
|
|
{
|
|
|
|
Genode::Rom_session_capability _rom_cap;
|
|
|
|
bool _valid;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*
|
|
|
|
* \param rom_cap capability to return on session requests
|
|
|
|
* \param valid true if local rom service is backed by a
|
|
|
|
* valid dataspace
|
|
|
|
*/
|
|
|
|
Local_rom_service(Genode::Rom_session_capability rom_cap, bool valid)
|
|
|
|
: Genode::Service("ROM"), _rom_cap(rom_cap), _valid(valid) { }
|
|
|
|
|
2013-08-07 21:10:28 +00:00
|
|
|
Genode::Session_capability session(char const * /*args*/,
|
|
|
|
Genode::Affinity const &)
|
2011-12-22 15:19:25 +00:00
|
|
|
{
|
|
|
|
if (!_valid)
|
|
|
|
throw Invalid_args();
|
|
|
|
|
|
|
|
return _rom_cap;
|
|
|
|
}
|
|
|
|
|
2013-02-21 11:39:57 +00:00
|
|
|
void upgrade(Genode::Session_capability, const char * /*args*/) { }
|
2011-12-22 15:19:25 +00:00
|
|
|
void close(Genode::Session_capability) { }
|
|
|
|
|
|
|
|
} _local_rom_service;
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*/
|
|
|
|
Child_policy_provide_rom_file(const char *filename,
|
|
|
|
Genode::Dataspace_capability ds_cap,
|
|
|
|
Genode::Rpc_entrypoint *ep)
|
|
|
|
:
|
|
|
|
_local_rom_session(ds_cap), _ep(ep),
|
|
|
|
_rom_session_cap(_ep->manage(&_local_rom_session)),
|
|
|
|
_local_rom_service(_rom_session_cap, ds_cap.valid())
|
|
|
|
{
|
|
|
|
Genode::strncpy(_filename, filename, sizeof(_filename));
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Destructor
|
|
|
|
*/
|
|
|
|
~Child_policy_provide_rom_file() { _ep->dissolve(&_local_rom_session); }
|
|
|
|
|
|
|
|
Genode::Service *resolve_session_request(const char *service_name,
|
|
|
|
const char *args)
|
|
|
|
{
|
|
|
|
/* ignore session requests for non-ROM services */
|
|
|
|
if (Genode::strcmp(service_name, "ROM")) return 0;
|
|
|
|
|
|
|
|
/* drop out if request refers to another file name */
|
|
|
|
char buf[FILENAME_MAX_LEN];
|
|
|
|
Genode::Arg_string::find_arg(args, "filename").string(buf, sizeof(buf), "");
|
|
|
|
return !Genode::strcmp(buf, _filename) ? &_local_rom_service : 0;
|
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-04 15:07:19 +00:00
|
|
|
class Child_policy_redirect_rom_file
|
|
|
|
{
|
|
|
|
private:
|
|
|
|
|
|
|
|
char const *_from;
|
|
|
|
char const *_to;
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
Child_policy_redirect_rom_file(const char *from, const char *to)
|
|
|
|
: _from(from), _to(to) { }
|
|
|
|
|
|
|
|
void filter_session_args(const char *service,
|
|
|
|
char *args, Genode::size_t args_len)
|
|
|
|
{
|
|
|
|
if (!_from || !_to) return;
|
|
|
|
|
|
|
|
/* ignore session requests for non-ROM services */
|
|
|
|
if (Genode::strcmp(service, "ROM")) return;
|
|
|
|
|
|
|
|
/* drop out if request refers to another file name */
|
|
|
|
enum { FILENAME_MAX_LEN = 32 };
|
|
|
|
char buf[FILENAME_MAX_LEN];
|
|
|
|
Genode::Arg_string::find_arg(args, "filename").string(buf, sizeof(buf), "");
|
|
|
|
if (Genode::strcmp(_from, buf) != 0) return;
|
|
|
|
|
|
|
|
/* replace filename argument */
|
|
|
|
Genode::snprintf(buf, sizeof(buf), "\"%s\"", _to);
|
|
|
|
Genode::Arg_string::set_arg(args, args_len, "filename", buf);
|
2014-09-12 18:17:47 +00:00
|
|
|
|
|
|
|
/* replace characters after last label delimiter by filename */
|
|
|
|
enum { LABEL_MAX_LEN = 200 };
|
|
|
|
char label[LABEL_MAX_LEN];
|
|
|
|
Genode::Arg_string::find_arg(args, "label").string(label, sizeof(label), "");
|
|
|
|
unsigned last_elem = 0;
|
|
|
|
for (unsigned i = 0; i < sizeof(label) - 3 && label[i]; i++)
|
|
|
|
if (Genode::strcmp("-> ", label + i, 3) == 0)
|
|
|
|
last_elem = i + 3;
|
|
|
|
label[last_elem] = 0;
|
|
|
|
|
|
|
|
Genode::snprintf(buf, sizeof(buf), "\"%s%s\"", label, _to);
|
|
|
|
Genode::Arg_string::set_arg(args, args_len, "label", buf);
|
|
|
|
|
Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.
Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.
To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.
In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.
The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).
An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-04 15:07:19 +00:00
|
|
|
}
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2011-12-22 15:19:25 +00:00
|
|
|
class Traditional_child_policy : public Genode::Child_policy,
|
|
|
|
public Genode::Client
|
|
|
|
{
|
|
|
|
protected:
|
|
|
|
|
|
|
|
enum { NAME_LEN = 64 };
|
|
|
|
char _name[NAME_LEN];
|
|
|
|
|
2012-10-24 14:27:26 +00:00
|
|
|
char const *_root;
|
|
|
|
|
2011-12-22 15:19:25 +00:00
|
|
|
Genode::Server *_server;
|
|
|
|
Genode::Service_registry *_parent_services;
|
|
|
|
Genode::Service_registry *_child_services;
|
|
|
|
Genode::Dataspace_capability _config_ds;
|
|
|
|
Genode::Rpc_entrypoint *_parent_entrypoint;
|
|
|
|
Child_policy_enforce_labeling _labeling_policy;
|
|
|
|
Child_policy_handle_cpu_priorities _priority_policy;
|
|
|
|
Child_policy_provide_rom_file _config_policy;
|
|
|
|
Child_policy_provide_rom_file _binary_policy;
|
|
|
|
|
|
|
|
public:
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*/
|
|
|
|
Traditional_child_policy(const char *name,
|
|
|
|
Genode::Server *server,
|
|
|
|
Genode::Service_registry *parent_services,
|
|
|
|
Genode::Service_registry *child_services,
|
|
|
|
Genode::Dataspace_capability config_ds,
|
|
|
|
Genode::Dataspace_capability binary_ds,
|
|
|
|
long prio_levels_log2,
|
|
|
|
long priority,
|
2012-10-24 14:27:26 +00:00
|
|
|
char const *root,
|
2011-12-22 15:19:25 +00:00
|
|
|
Genode::Rpc_entrypoint *parent_entrypoint)
|
|
|
|
:
|
2012-10-24 14:27:26 +00:00
|
|
|
_root(root),
|
2011-12-22 15:19:25 +00:00
|
|
|
_server(server),
|
|
|
|
_parent_services(parent_services),
|
|
|
|
_child_services(child_services),
|
|
|
|
_config_ds(config_ds),
|
|
|
|
_parent_entrypoint(parent_entrypoint),
|
|
|
|
_labeling_policy(_name),
|
|
|
|
_priority_policy(prio_levels_log2, priority),
|
|
|
|
_config_policy("config", config_ds, _parent_entrypoint),
|
2012-10-24 14:27:26 +00:00
|
|
|
_binary_policy("binary", binary_ds, _parent_entrypoint)
|
|
|
|
{
|
|
|
|
Genode::strncpy(_name, name, sizeof(_name));
|
|
|
|
}
|
2011-12-22 15:19:25 +00:00
|
|
|
|
|
|
|
const char *name() const { return _name; }
|
|
|
|
|
|
|
|
Genode::Service *resolve_session_request(const char *service_name,
|
|
|
|
const char *args)
|
|
|
|
{
|
|
|
|
Genode::Service *service;
|
|
|
|
|
|
|
|
/* check for config file request */
|
|
|
|
if ((service = _config_policy.resolve_session_request(service_name, args)))
|
|
|
|
return service;
|
|
|
|
|
|
|
|
/* check for binary file request */
|
|
|
|
if ((service = _binary_policy.resolve_session_request(service_name, args)))
|
|
|
|
return service;
|
|
|
|
|
|
|
|
/* check for services provided by the parent */
|
|
|
|
if ((service = _parent_services->find(service_name)))
|
|
|
|
return service;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the service is provided by one of our children use it,
|
|
|
|
* or wait for the service to become available.
|
|
|
|
*/
|
|
|
|
return _child_services->wait_for_service(service_name, this,
|
|
|
|
name());
|
|
|
|
}
|
|
|
|
|
|
|
|
void filter_session_args(const char *service, char *args,
|
|
|
|
Genode::size_t args_len)
|
|
|
|
{
|
|
|
|
_labeling_policy.filter_session_args(service, args, args_len);
|
|
|
|
_priority_policy.filter_session_args(service, args, args_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
bool announce_service(const char *service_name,
|
|
|
|
Genode::Root_capability root,
|
2012-04-11 16:24:37 +00:00
|
|
|
Genode::Allocator *alloc,
|
2013-02-21 11:39:57 +00:00
|
|
|
Genode::Server * /*server*/)
|
2011-12-22 15:19:25 +00:00
|
|
|
{
|
|
|
|
if (_child_services->find(service_name)) {
|
|
|
|
PWRN("%s: service %s is already registered",
|
|
|
|
name(), service_name);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* XXX remove potential race between checking for and inserting service */
|
|
|
|
|
|
|
|
_child_services->insert(new (alloc)
|
|
|
|
Genode::Child_service(service_name, root, _server));
|
|
|
|
Genode::printf("%s registered service %s\n", name(), service_name);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
void unregister_services()
|
|
|
|
{
|
|
|
|
Genode::Service *rs;
|
|
|
|
while ((rs = _child_services->find_by_server(_server)))
|
|
|
|
_child_services->remove(rs);
|
|
|
|
}
|
|
|
|
};
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* _INCLUDE__INIT__CHILD_POLICY_H_ */
|