ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-06-17 22:58:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Unification of native_capability.h

Browse Source 
This patch establishes the sole use of generic headers across all
kernels. The common 'native_capability.h' is based on the version of
base-sel4. All traditional L4 kernels and Linux use the same
implementation of the capability-lifetime management. On base-hw, NOVA,
Fiasco.OC, and seL4, custom implementations (based on their original
mechanisms) are used, with the potential to unify them further in the
future.

This change achieves binary compatibility of dynamically linked programs
across all kernels.

Furthermore, the patch introduces a Native_capability::print method,
which allows the easy output of the kernel-specific capability
representation using the base/log.h API.

Issue #1993
This commit is contained in:
Norman Feske
2016-06-15 15:04:54 +02:00
parent d71f0a9606
commit 88b358c5ef
173 changed files with 2614 additions and 1333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
repos/base-foc/src/include/base/internal/cap_alloc.h
View File

@ -14,12 +14,15 @@
#ifndef _INCLUDE__BASE__CAP_ALLOC_H_
#define _INCLUDE__BASE__CAP_ALLOC_H_
#include <base/cap_map.h>
/* Genode includes */
#include <base/native_capability.h>
#include <util/assert.h>
#include <util/construct_at.h>
#include <foc/native_capability.h>
/* base-internal includes */
#include <base/internal/cap_map.h>
namespace Genode {
/**
@ -117,8 +120,8 @@ namespace Genode {
}
}
addr_t idx_to_kcap(Cap_index *idx) {
return ((T*)idx - &_indices[0]) << Fiasco::L4_CAP_SHIFT;
addr_t idx_to_kcap(Cap_index const *idx) const {
return ((T const *)idx - &_indices[0]) << Fiasco::L4_CAP_SHIFT;
}
Cap_index* kcap_to_idx(addr_t kcap) {

246
repos/base-foc/src/include/base/internal/cap_map.h Normal file
View File

@ -0,0 +1,246 @@
/*
* \brief Mapping of Genode's capability names to kernel capabilities.
* \author Stefan Kalkowski
* \date 2012-02-16
*
* Although kernels like Fiasco.OC and NOVA provide capability mechanisms
* to us, which should prevent the usage of global names, there is no
* efficient way to retrieve a capability a process owns, when it gets the
* same capability delivered again via IPC from another thread. But in some
* use-cases in Genode this is essential (e.g. parent getting a close-session
* request from a child). Moreover, we waste a lot of slots in the
* capability-space of the process for one and the same kernel-object.
* That's why we introduce a map of Genode's global capability names to the
* process-local addresses in the capability-space.
*
* TODO: should be moved to the generic part of the framework, and used by
* NOVA too.
*/
/*
* Copyright (C) 2012-2013 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
#ifndef _INCLUDE__BASE__CAP_MAP_H_
#define _INCLUDE__BASE__CAP_MAP_H_
/* Genode includes */
#include <base/exception.h>
#include <base/stdint.h>
#include <base/lock_guard.h>
#include <util/avl_tree.h>
#include <util/noncopyable.h>
#include <util/string.h>
/* base-internal includes */
#include <base/internal/capability_data.h>
namespace Genode {
typedef Native_capability::Data Cap_index;
/**
* Allocator for Cap_index objects.
*
* This is just an interface, as the real allocator has to be
* implemented platform-specific.
*/
class Cap_index_allocator: Noncopyable
{
public:
class Index_out_of_bounds : public Exception { };
class Region_conflict : public Exception { };
virtual ~Cap_index_allocator() {}
/**
* Allocate a range of Cap_index objects
*
* \param cnt number of objects to allocate
* \return pointer to first allocated object, or zero if
* out of entries
*/
virtual Cap_index* alloc_range(size_t cnt) = 0;
/**
* Allocate a Cap_index object at a specific
* point in the capability space
*
* \param kcap address in capability space
* \throw Index_out_of_bounds if address is out of scope
* \return pointer to allocated object
*/
virtual Cap_index* alloc(addr_t kcap) = 0;
/**
* Free a range of Cap_index objects
*
* \param idx pointer to first object in range
* \param cnt number of objects to free
* \throw Index_out_of_bounds if address is out of scope
*/
virtual void free(Cap_index *idx, size_t cnt) = 0;
/**
* Get the Cap_index object's address in capability space
*
* \param idx pointer to the Cap_index object in question
*/
virtual addr_t idx_to_kcap(Cap_index const *idx) const = 0;
/**
* Get the Cap_index object of a specific location
* in the capability space
*
* \param kcap the address in the capability space
*/
virtual Cap_index* kcap_to_idx(addr_t kcap) = 0;
/**
* Returns whether a Cap_index object is from the region
* controlled by core, or not.
*
* \param idx pointer to the Cap_index object in question
*/
virtual bool static_idx(Cap_index *idx) = 0;
/**
* Redo construction of the object
*/
virtual void reinit() = 0;
};
/**
* Get the global Cap_index_allocator of the process.
*/
Cap_index_allocator *cap_idx_alloc();
/**
* Low-level spin-lock to protect Cap_index_allocator and the Cap_map
*
* We cannot use a normal Genode lock because this lock is used by code
* executed prior the initialization of Genode
*/
class Spin_lock
{
private:
volatile int _spinlock;
public:
/**
* Constructor
*/
Spin_lock();
void lock();
void unlock();
/**
* Lock guard
*/
typedef Genode::Lock_guard<Spin_lock> Guard;
};
class Native_capability;
/**
* The Capability_map is an AVL-tree of Cap_index objects that can be
* found via the global capability id
*
* It is used to re-find capabilities whenever a capability gets
* transfered to a process, so that we can re-use an existing one
* to save entries in the capability space, and prevent leaks of
* them.
*/
class Capability_map
:
private Noncopyable
{
private:
Avl_tree<Cap_index> _tree;
Spin_lock _lock;
public:
/**
* Find an existing Cap_index via a capability id
*
* \param id the global capability id
* \return pointer of Cap_index when found, otherwise zero
*/
Cap_index* find(int id);
/**
* Create and insert a new Cap_index with a specific capability id
*
* Allocation of the Cap_index is done via the global
* Cap_index_allocator, which might throw exceptions that aren't
* caught by this method
*
* \param id the global capability id
* \return pointer to the new Cap_index object, or zero
* when allocation failed
*/
Cap_index* insert(int id);
/**
* Create and insert a new Cap_index with a specific capability id,
* and location in capability space
*
* A previously existent entry with the same id gets removed!
*
* \param id the global capability id
* \param kcap address in capability space
* \return pointer to the new Cap_index object, or zero
* when allocation failed
*/
Cap_index* insert(int id, addr_t kcap);
/**
* Create and insert a new Cap_index with a specific capability id
* and map from given kcap to newly allocated one,
* if the an entry with the same id exists already,
* it is returned if it points to the same kernel-object,
* or gets overridden if it's already invalid.
*
* Allocation of the Cap_index is done via the global
* Cap_index_allocator, which might throw exceptions that aren't
* caught by this method
*
* \param id the global capability id
* \return pointer to the new Cap_index object, or zero
* when allocation failed, or when a valid entry
* with the same id exists and it's kernel-object
* differs to the one given by kcap
*/
Cap_index* insert_map(int id, addr_t kcap);
/**
* Remove (resp. invalidate) a Cap_index object
*
* \param i pointer to Cap_index object to remove
*/
void remove(Cap_index* i);
};
/**
* Get the global Capability_map of the process.
*/
Capability_map *cap_map();
}
#endif /* _INCLUDE__BASE__CAP_MAP_H_ */

63
repos/base-foc/src/include/base/internal/capability_data.h Normal file
View File

@ -0,0 +1,63 @@
/*
* \brief Internal capability representation
* \author Norman Feske
* \author Stefan Kalkowski
* \date 2016-06-22
*/
/*
* Copyright (C) 2016 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
#ifndef _INCLUDE__BASE__INTERNAL__CAPABILITY_DATA_H_
#define _INCLUDE__BASE__INTERNAL__CAPABILITY_DATA_H_
/* Genode includes */
#include <base/capability.h>
/**
* A Native_capability::Data object represents a single mapping of the global
* capability id to the address in the local capability space.
*
* The address of the data object determines the location in the
* (platform-specific) capability space of the component. Therefore it
* shouldn't be copied around, but only referenced by e.g. Native_capability.
*/
class Genode::Native_capability::Data : public Avl_node<Data>, Noncopyable
{
private:
enum { INVALID_ID = -1, UNUSED = 0 };
uint8_t _ref_cnt; /* reference counter */
uint16_t _id; /* global capability id */
public:
Data() : _ref_cnt(0), _id(INVALID_ID) { }
bool valid() const { return _id != INVALID_ID; }
bool used() const { return _id != UNUSED; }
uint16_t id() const { return _id; }
void id(uint16_t id) { _id = id; }
uint8_t inc();
uint8_t dec();
addr_t kcap() const;
void* operator new (size_t size, Data* idx) { return idx; }
void operator delete (void* idx) { memset(idx, 0, sizeof(Data)); }
/************************
** Avl node interface **
************************/
bool higher(Data *n);
Data *find_by_id(uint16_t id);
};
#endif /* _INCLUDE__BASE__INTERNAL__CAPABILITY_DATA_H_ */

3
repos/base-foc/src/include/base/internal/parent_cap.h
View File

@ -24,6 +24,7 @@
/* base-internal includes */
#include <base/internal/crt0.h>
#include <base/internal/cap_map.h>
namespace Genode {
@ -43,7 +44,7 @@ namespace Genode {
i = cap_map()->insert(local_name, Fiasco::PARENT_CAP);
}
return reinterpret_cap_cast<Parent>(Native_capability(i));
return reinterpret_cap_cast<Parent>(Native_capability(*i));
}
}