From e8e499ae9e16b9cbe7343c482b25873e4463f27b Mon Sep 17 00:00:00 2001 From: Norman Feske Date: Tue, 3 Sep 2024 16:48:40 +0200 Subject: [PATCH] nitpicker: account input and framebuffer caps This patch deduces the caps needed for the framebuffer and input RPC objects from the resources accounted locally within the session. It also takes precautions for the situation where a client offers too little resources, prompting the mid-way cancelling of the 'Session_component' creation. With the patch, the 'ep.manage' operations are rolled back by the corresponding 'ep.dissolve' operations. Issue #5340 --- .../os/src/server/nitpicker/framebuffer_session.h | 11 +++++++++-- repos/os/src/server/nitpicker/gui_session.h | 15 +++------------ repos/os/src/server/nitpicker/input_session.h | 10 ++++++++-- repos/os/src/server/nitpicker/main.cc | 9 ++++++++- 4 files changed, 28 insertions(+), 17 deletions(-) diff --git a/repos/os/src/server/nitpicker/framebuffer_session.h b/repos/os/src/server/nitpicker/framebuffer_session.h index bc6a0e6ec8..12cb71bd9a 100644 --- a/repos/os/src/server/nitpicker/framebuffer_session.h +++ b/repos/os/src/server/nitpicker/framebuffer_session.h @@ -38,6 +38,7 @@ class Framebuffer::Session_component : public Rpc_object Session_component(Session_component const &); Session_component &operator = (Session_component const &); + Entrypoint &_ep; View_stack &_view_stack; Nitpicker::Gui_session &_session; Buffer_provider &_buffer_provider; @@ -51,14 +52,20 @@ class Framebuffer::Session_component : public Rpc_object /** * Constructor */ - Session_component(View_stack &view_stack, + Session_component(Entrypoint &ep, + View_stack &view_stack, Nitpicker::Gui_session &session, Buffer_provider &buffer_provider) : + _ep(ep), _view_stack(view_stack), _session(session), _buffer_provider(buffer_provider) - { } + { + _ep.manage(*this); + } + + ~Session_component() { _ep.dissolve(*this); } /** * Change virtual framebuffer mode diff --git a/repos/os/src/server/nitpicker/gui_session.h b/repos/os/src/server/nitpicker/gui_session.h index 1235b51475..6221d60fd9 100644 --- a/repos/os/src/server/nitpicker/gui_session.h +++ b/repos/os/src/server/nitpicker/gui_session.h @@ -136,10 +136,6 @@ class Nitpicker::Gui_session : public Session_object, Tslab _view_ref_alloc { &_session_alloc }; - /* capabilities for sub sessions */ - Framebuffer::Session_capability _framebuffer_session_cap; - Input::Session_capability _input_session_cap; - bool const _provides_default_bg; /* size of currently allocated virtual framebuffer, in bytes */ @@ -208,22 +204,17 @@ class Nitpicker::Gui_session : public Session_object, _env(env), _ram(env.ram(), _ram_quota_guard(), _cap_quota_guard()), _session_alloc(_ram, env.rm()), - _framebuffer_session_component(view_stack, *this, *this), + _framebuffer_session_component(env.ep(), view_stack, *this, *this), _view_stack(view_stack), _focus_updater(focus_updater), _hover_updater(hover_updater), _pointer_origin(pointer_origin), _builtin_background(builtin_background), - _framebuffer_session_cap(_env.ep().manage(_framebuffer_session_component)), - _input_session_cap(_env.ep().manage(_input_session_component)), _provides_default_bg(provides_default_bg), _focus_reporter(focus_reporter) { } ~Gui_session() { - _env.ep().dissolve(_framebuffer_session_component); - _env.ep().dissolve(_input_session_component); - while (_view_ids.apply_any([&] (View_ref &view_ref) { destroy(_view_ref_alloc, &view_ref); })); @@ -379,10 +370,10 @@ class Nitpicker::Gui_session : public Session_object, ***************************/ Framebuffer::Session_capability framebuffer() override { - return _framebuffer_session_cap; } + return _framebuffer_session_component.cap(); } Input::Session_capability input() override { - return _input_session_cap; } + return _input_session_component.cap(); } View_result view(View_id, View_attr const &attr) override; diff --git a/repos/os/src/server/nitpicker/input_session.h b/repos/os/src/server/nitpicker/input_session.h index 02712db8d0..520fd11edf 100644 --- a/repos/os/src/server/nitpicker/input_session.h +++ b/repos/os/src/server/nitpicker/input_session.h @@ -39,6 +39,8 @@ class Input::Session_component : public Rpc_object private: + Entrypoint &_ep; + /* * Exported event buffer dataspace */ @@ -58,8 +60,12 @@ class Input::Session_component : public Rpc_object Session_component(Env &env) : - _ev_ram_ds(env.ram(), env.rm(), ev_ds_size()) - { } + _ep(env.ep()), _ev_ram_ds(env.ram(), env.rm(), ev_ds_size()) + { + _ep.manage(*this); + } + + ~Session_component() { _ep.dissolve(*this); } /** * Wake up client diff --git a/repos/os/src/server/nitpicker/main.cc b/repos/os/src/server/nitpicker/main.cc index 36f099d7b7..7e24056748 100644 --- a/repos/os/src/server/nitpicker/main.cc +++ b/repos/os/src/server/nitpicker/main.cc @@ -91,9 +91,16 @@ class Nitpicker::Gui_root : public Root_component bool const provides_default_bg = (label == "backdrop"); + Genode::Session::Resources resources = session_resources_from_args(args); + + /* account caps for input and framebuffer RPC objects */ + if (resources.cap_quota.value < 2) + throw Insufficient_cap_quota(); + resources.cap_quota.value -= 2; + Gui_session *session = new (md_alloc()) Gui_session(_env, - session_resources_from_args(args), label, + resources, label, session_diag_from_args(args), _view_stack, _focus_updater, _hover_updater, _pointer_origin, _builtin_background, provides_default_bg,