Unification of native_capability.h

This patch establishes the sole use of generic headers across all kernels. The common 'native_capability.h' is based on the version of base-sel4. All traditional L4 kernels and Linux use the same implementation of the capability-lifetime management. On base-hw, NOVA, Fiasco.OC, and seL4, custom implementations (based on their original mechanisms) are used, with the potential to unify them further in the future. This change achieves binary compatibility of dynamically linked programs across all kernels. Furthermore, the patch introduces a Native_capability::print method, which allows the easy output of the kernel-specific capability representation using the base/log.h API. Issue #1993
2025-06-19 15:43:56 +00:00 · 2016-06-15 15:04:54 +02:00
parent d71f0a9606
commit 88b358c5ef
173 changed files with 2614 additions and 1333 deletions
--- a/repos/base-linux/src/lib/base/capability_raw.cc
+++ b/repos/base-linux/src/lib/base/capability_raw.cc
@ -0,0 +1,31 @@
+/*
+ * \brief  Capability
+ * \author Norman Feske
+ * \date   2016-06-16
+ */
+
+/*
+ * Copyright (C) 2016 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+#include <base/log.h>
+
+/* base-internal includes */
+#include <base/internal/capability_space_tpl.h>
+
+using namespace Genode;
+
+
+Native_capability::Raw Native_capability::raw() const
+{
+	/*
+	 * On Linux, we don't pass information as a 'raw' representation to
+	 * child components. So this function remains unused. We still need
+	 * to provide it to prevent link errors of noux, which relies on this
+	 * function for implementing 'fork' (not supported on base-linux).
+	 */
+	return { { 0, 0, 0, 0 } };
+}
--- a/repos/base-linux/src/lib/base/ipc.cc
+++ b/repos/base-linux/src/lib/base/ipc.cc
@ -24,6 +24,7 @@
 #include <base/internal/native_thread.h>
 #include <base/internal/ipc_server.h>
 #include <base/internal/server_socket_pair.h>
+#include <base/internal/capability_space_tpl.h>

 /* Linux includes */
 #include <linux_syscalls.h>
@ -33,6 +34,19 @@
 using namespace Genode;


+namespace {
+
+	struct Pid
+	{
+		int value;
+
+		Pid() : value(lx_getpid()) { }
+
+		void print(Output &out) const { Genode::print(out, "[", value, "]"); }
+	};
+}
+
+
 /*
 * The request message layout is:
 *
@ -60,12 +74,21 @@ struct Protocol_header
 	/* badges of the transferred capability arguments */
 	unsigned long badges[Msgbuf_base::MAX_CAPS_PER_MSG];

-	enum { INVALID_BADGE = ~0UL };
+	enum { INVALID_BADGE = ~1UL };

 	void *msg_start() { return &protocol_word; }
 };


+/*
+ * The INVALID_BADGE must be different from the representation of an
+ * invalid RPC object key because this key value is used by manually
+ * created NON-RPC-object capabilities (client_sd, server_sd, dataspace fd).
+ */
+static_assert((int)Protocol_header::INVALID_BADGE != (int)Rpc_obj_key::INVALID,
+              "ambigious INVALID_BADGE");
+
+
 /******************************
 ** File-descriptor registry **
 ******************************/
@ -242,8 +265,11 @@ static void insert_sds_into_message(Message &msg,
 		Native_capability const &cap = snd_msgbuf.cap(i);

 		if (cap.valid()) {
-			msg.marshal_socket(cap.dst().socket);
-			header.badges[i] = cap.local_name();
+			Capability_space::Ipc_cap_data cap_data =
+				Capability_space::ipc_cap_data(cap);
+
+			msg.marshal_socket(cap_data.dst.socket);
+			header.badges[i] = cap_data.rpc_obj_key.value();
 		} else {
 			header.badges[i] = Protocol_header::INVALID_BADGE;
 		}
@ -277,7 +303,8 @@ static void extract_sds_from_message(unsigned start_index,

 		int const associated_sd = Genode::ep_sd_registry()->try_associate(sd, id);

-		buf.insert(Native_capability(Cap_dst_policy::Dst(associated_sd), badge));
+		buf.insert(Capability_space::import(Rpc_destination(associated_sd),
+		                                    Rpc_obj_key(badge)));

 		if ((associated_sd >= 0) && (associated_sd != sd)) {

@ -374,10 +401,13 @@ Rpc_exception_code Genode::ipc_call(Native_capability dst,
 	/* marshal capabilities contained in 'snd_msgbuf' */
 	insert_sds_into_message(snd_msg, snd_header, snd_msgbuf);

-	int const send_ret = lx_sendmsg(dst.dst().socket, snd_msg.msg(), 0);
+	int const dst_socket = Capability_space::ipc_cap_data(dst).dst.socket;
+
+	int const send_ret = lx_sendmsg(dst_socket, snd_msg.msg(), 0);
 	if (send_ret < 0) {
-		PRAW("[%d] lx_sendmsg to sd %d failed with %d in lx_call()",
-		     lx_getpid(), dst.dst().socket, send_ret);
+		raw(Pid(), " lx_sendmsg to sd ", dst_socket,
+		    " failed with ", send_ret, " in lx_call()");
+		for (;;);
 		throw Genode::Ipc_error();
 	}

@ -414,7 +444,9 @@ Rpc_exception_code Genode::ipc_call(Native_capability dst,
 void Genode::ipc_reply(Native_capability caller, Rpc_exception_code exc,
                       Msgbuf_base &snd_msg)
 {
-	try { lx_reply(caller.dst().socket, exc, snd_msg); } catch (Ipc_error) { }
+	int const reply_socket = Capability_space::ipc_cap_data(caller).dst.socket;
+
+	try { lx_reply(reply_socket, exc, snd_msg); } catch (Ipc_error) { }
 }


@ -425,7 +457,7 @@ Genode::Rpc_request Genode::ipc_reply_wait(Reply_capability const &last_caller,
 {
 	/* when first called, there was no request yet */
 	if (last_caller.valid() && exc.value != Rpc_exception_code::INVALID_OBJECT)
-		lx_reply(last_caller.dst().socket, exc, reply_msg);
+		lx_reply(Capability_space::ipc_cap_data(last_caller).dst.socket, exc, reply_msg);

 	/*
 	 * Block infinitely if called from the main thread. This may happen if the
@ -464,15 +496,15 @@ Genode::Rpc_request Genode::ipc_reply_wait(Reply_capability const &last_caller,
 		/* start at offset 1 to skip the reply channel */
 		extract_sds_from_message(1, msg, header, request_msg);

-		typedef Native_capability::Dst Dst;
-		return Rpc_request(Native_capability(Dst(reply_socket), ~0UL), badge);
+		return Rpc_request(Capability_space::import(Rpc_destination(reply_socket),
+		                                            Rpc_obj_key()), badge);
 	}
 }


 Ipc_server::Ipc_server()
 :
-	Native_capability(Dst(-1), 0)
+	Native_capability(Capability_space::import(Rpc_destination(), Rpc_obj_key()))
 {
 	/*
 	 * If 'thread' is 0, the constructor was called by the main thread. By
@ -498,7 +530,8 @@ Ipc_server::Ipc_server()

 	/* override capability initialization */
 	*static_cast<Native_capability *>(this) =
-		Native_capability(Native_capability::Dst(socket_pair.client_sd), 0);
+		Capability_space::import(Rpc_destination(socket_pair.client_sd),
+		                         Rpc_obj_key());
 }


--- a/repos/base-linux/src/lib/base/platform_env.cc
+++ b/repos/base-linux/src/lib/base/platform_env.cc
@ -22,6 +22,7 @@
 #include <base/internal/native_thread.h>
 #include <base/internal/globals.h>
 #include <base/internal/parent_socket_handle.h>
+#include <base/internal/capability_space_tpl.h>

 using namespace Genode;

@ -32,16 +33,18 @@ using namespace Genode;

 size_t Region_map_mmap::_dataspace_size(Dataspace_capability ds)
 {
-	if (ds.valid())
-		return Dataspace_client(ds).size();
+	if (local(ds))
+		return Local_capability<Dataspace>::deref(ds)->size();
+
+	return Dataspace_client(ds).size();

-	return Local_capability<Dataspace>::deref(ds)->size();
 }


 int Region_map_mmap::_dataspace_fd(Dataspace_capability ds)
 {
-	return Linux_dataspace_client(ds).fd().dst().socket;
+	Untyped_capability fd_cap = Linux_dataspace_client(ds).fd();
+	return Capability_space::ipc_cap_data(fd_cap).dst.socket;
 }


@ -126,12 +129,13 @@ static unsigned long get_env_ulong(const char *key)

 static Parent_capability obtain_parent_cap()
 {
-	long local_name = get_env_ulong("parent_local_name");
+	long const local_name = get_env_ulong("parent_local_name");

-	/* produce typed capability manually */
-	typedef Native_capability::Dst Dst;
-	Dst const dst(PARENT_SOCKET_HANDLE);
-	return reinterpret_cap_cast<Parent>(Native_capability(dst, local_name));
+	Untyped_capability parent_cap =
+		Capability_space::import(Rpc_destination(PARENT_SOCKET_HANDLE),
+		                         Rpc_obj_key(local_name));
+
+	return reinterpret_cap_cast<Parent>(parent_cap);
 }


@ -178,8 +182,10 @@ namespace Genode {

 		Thread *thread = Thread::myself();
 		if (thread) {
-			socket_pair.server_sd = native_cpu.server_sd(thread->cap()).dst().socket;
-			socket_pair.client_sd = native_cpu.client_sd(thread->cap()).dst().socket;
+			Untyped_capability server_cap = native_cpu.server_sd(thread->cap());
+			Untyped_capability client_cap = native_cpu.client_sd(thread->cap());
+			socket_pair.server_sd = Capability_space::ipc_cap_data(server_cap).dst.socket;
+			socket_pair.client_sd = Capability_space::ipc_cap_data(client_cap).dst.socket;
 			thread->native_thread().socket_pair = socket_pair;
 		}
 		return socket_pair;
--- a/repos/base-linux/src/lib/base/region_map_mmap.cc
+++ b/repos/base-linux/src/lib/base/region_map_mmap.cc
@ -53,7 +53,7 @@ using namespace Genode;

 static bool is_sub_rm_session(Dataspace_capability ds)
 {
-	if (ds.valid())
+	if (ds.valid() && !local(ds))
 		return false;

 	return Local_capability<Dataspace>::deref(ds) != 0;