nitpicker: account input and framebuffer caps

This patch deduces the caps needed for the framebuffer and input RPC objects from the resources accounted locally within the session. It also takes precautions for the situation where a client offers too little resources, prompting the mid-way cancelling of the 'Session_component' creation. With the patch, the 'ep.manage' operations are rolled back by the corresponding 'ep.dissolve' operations. Issue #5340
2024-12-18 13:26:27 +00:00 · 2024-09-03 16:48:40 +02:00 · 2024-09-03 16:48:40 +02:00 · e8e499ae9e
commit e8e499ae9e
parent e4af726056
4 changed files with 28 additions and 17 deletions
--- a/repos/os/src/server/nitpicker/framebuffer_session.h
+++ b/repos/os/src/server/nitpicker/framebuffer_session.h
@ -38,6 +38,7 @@ class Framebuffer::Session_component : public Rpc_object<Session>
 		Session_component(Session_component const &);
 		Session_component &operator = (Session_component const &);

+		Entrypoint               &_ep;
 		View_stack               &_view_stack;
 		Nitpicker::Gui_session   &_session;
 		Buffer_provider          &_buffer_provider;
@ -51,14 +52,20 @@ class Framebuffer::Session_component : public Rpc_object<Session>
 		/**
 		 * Constructor
 		 */
-		Session_component(View_stack             &view_stack,
+		Session_component(Entrypoint             &ep,
+		                  View_stack             &view_stack,
 		                  Nitpicker::Gui_session &session,
 		                  Buffer_provider        &buffer_provider)
 		:
+			_ep(ep),
 			_view_stack(view_stack),
 			_session(session),
 			_buffer_provider(buffer_provider)
-		{ }
+		{
+			_ep.manage(*this);
+		}
+
+		~Session_component() { _ep.dissolve(*this); }

 		/**
 		 * Change virtual framebuffer mode
--- a/repos/os/src/server/nitpicker/gui_session.h
+++ b/repos/os/src/server/nitpicker/gui_session.h
@ -136,10 +136,6 @@ class Nitpicker::Gui_session : public  Session_object<Gui::Session>,

 		Tslab<View_ref, 4000> _view_ref_alloc { &_session_alloc };

-		/* capabilities for sub sessions */
-		Framebuffer::Session_capability _framebuffer_session_cap;
-		Input::Session_capability       _input_session_cap;
-
 		bool const _provides_default_bg;

 		/* size of currently allocated virtual framebuffer, in bytes */
@ -208,22 +204,17 @@ class Nitpicker::Gui_session : public  Session_object<Gui::Session>,
 			_env(env),
 			_ram(env.ram(), _ram_quota_guard(), _cap_quota_guard()),
 			_session_alloc(_ram, env.rm()),
-			_framebuffer_session_component(view_stack, *this, *this),
+			_framebuffer_session_component(env.ep(), view_stack, *this, *this),
 			_view_stack(view_stack),
 			_focus_updater(focus_updater), _hover_updater(hover_updater),
 			_pointer_origin(pointer_origin),
 			_builtin_background(builtin_background),
-			_framebuffer_session_cap(_env.ep().manage(_framebuffer_session_component)),
-			_input_session_cap(_env.ep().manage(_input_session_component)),
 			_provides_default_bg(provides_default_bg),
 			_focus_reporter(focus_reporter)
 		{ }

 		~Gui_session()
 		{
-			_env.ep().dissolve(_framebuffer_session_component);
-			_env.ep().dissolve(_input_session_component);
-
 			while (_view_ids.apply_any<View_ref>([&] (View_ref &view_ref) {
 				destroy(_view_ref_alloc, &view_ref); }));

@ -379,10 +370,10 @@ class Nitpicker::Gui_session : public  Session_object<Gui::Session>,
 		 ***************************/

 		Framebuffer::Session_capability framebuffer() override {
-			return _framebuffer_session_cap; }
+			return _framebuffer_session_component.cap(); }

 		Input::Session_capability input() override {
-			return _input_session_cap; }
+			return _input_session_component.cap(); }

 		View_result view(View_id, View_attr const &attr) override;

--- a/repos/os/src/server/nitpicker/input_session.h
+++ b/repos/os/src/server/nitpicker/input_session.h
@ -39,6 +39,8 @@ class Input::Session_component : public Rpc_object<Session>

 	private:

+		Entrypoint &_ep;
+
 		/*
 		 * Exported event buffer dataspace
 		 */
@ -58,8 +60,12 @@ class Input::Session_component : public Rpc_object<Session>

 		Session_component(Env &env)
 		:
-			_ev_ram_ds(env.ram(), env.rm(), ev_ds_size())
-		{ }
+			_ep(env.ep()), _ev_ram_ds(env.ram(), env.rm(), ev_ds_size())
+		{
+			_ep.manage(*this);
+		}
+
+		~Session_component() { _ep.dissolve(*this); }

 		/**
 		 * Wake up client
--- a/repos/os/src/server/nitpicker/main.cc
+++ b/repos/os/src/server/nitpicker/main.cc
@ -91,9 +91,16 @@ class Nitpicker::Gui_root : public Root_component<Gui_session>

 			bool const provides_default_bg = (label == "backdrop");

+			Genode::Session::Resources resources = session_resources_from_args(args);
+
+			/* account caps for input and framebuffer RPC objects */
+			if (resources.cap_quota.value < 2)
+				throw Insufficient_cap_quota();
+			resources.cap_quota.value -= 2;
+
 			Gui_session *session = new (md_alloc())
 				Gui_session(_env,
-				            session_resources_from_args(args), label,
+				            resources, label,
 				            session_diag_from_args(args), _view_stack,
 				            _focus_updater, _hover_updater, _pointer_origin,
 				            _builtin_background, provides_default_bg,