Commit Graph

2677 Commits

Author SHA1 Message Date
Norman Feske
f33c7c73bd Delegate access to entrypoints via SCM rights
This patch eliminates the thread ID portion of the 'Native_capability'
type. The access to entrypoints is now exclusively handled by passing
socket descriptors over Unix domain sockets and by inheriting the socket
descriptor of the parent entrypoint at process-creation time.

Each entrypoint creates a socket pair. The server-side socket is bound
to a unique name defined by the server. The client-side socket is then
connected to the same name. Whereas the server-side socket is meant to
be exclusively used by the server to wait for incoming requests, the
client-side socket can be delegated to other processes as payload of RPC
messages (via SCM rights). Anyone who receives a capability over RPC
receives the client-side socket of the entrypoint to which the
capability refers. Given this socket descriptor, the unique name (as
defined by the server) can be requested using 'getpeername'. Using this
name, it is possible to compare socket descriptors, which is important
to avoid duplicates from polluting the limited socket-descriptor name
space.

Whereas this patch introduces capability-based delegation of access
rights to entrypoints, it does not cover the protection of the integrity
of RPC objects. RPC objects are still referenced by a global ID passed
as normal message payload.
2012-11-05 17:31:04 +01:00
Norman Feske
64efaf249a Test naming of bound unix domain sockets 2012-11-05 17:31:04 +01:00
Norman Feske
ca4f574f4c Support for socket-descriptor marshalling
This patch adds principal support for transmitting socket descriptors
as RPC payload. Socket descriptors are handled by the linux-specific
implementation of the capability marshalling and unmarshalling functions
in 'ipc.h'. The 'Message' type in 'src/platform/linux_socket.h' has been
extended to carry multiple descriptors in a single message.

Unfortunately, we hit a problem (and potential show stopper) here:

  lx_sendmsg failed with -109 in lx_call()

The error code corresponds to ETOOMANYREFS. There is only one place in
the Linux kernel where this error code is used (net/unix/af_unix.c).
The code for 'unix_attach_fds()' suggests that there is a limit with
regard to the maximum number of references for a given Unix domain
socket. When the error occurs, core and init are running. The socket
of core's server entrypoint is present in the '/proc/pid/fd' of those
processes 8 times. The error occurs when core tries to perform an
RPC to the entrypoint to perform 'Ram_session::transfer_quota()'
(base/include/base/child.h at line 248).
2012-11-05 17:31:04 +01:00
Norman Feske
8b343d7e1a linux: Remove socket member from 'Native_thread'
The only information needed per thread is whether the thread plays the
role of an 'Ipc_server' or not. We encode this information using a bool
value.
2012-11-05 17:31:03 +01:00
Norman Feske
b01a1a92cc Do not pass client tid to server on IPC call
Thanks to the SCM-rights-based reply capability, the server does not
need to know about the client's TID anymore.
2012-11-05 17:31:03 +01:00
Norman Feske
508d2050a6 linux: Fix 'explicit_reply' semantics
By storing the reply socket descriptor inside the 'Ipc_ostream::_dst'
capability instead of as part of the connection state object, we can
use the 'explicit_reply' mechanism as usual. Right now, we store
both the tid and socket handle in 'Native_capability::Dst'. In the
final version, the 'tid' member will be gone.
2012-11-05 17:31:03 +01:00
Norman Feske
1c3b9a6f68 Add 'socket' member to 'Native_capability::Dst'
In the final version, the 'socket' will be the only member to remain in
the 'Dst' type. In the transition phase, we store both the old 'tid' and
the 'socket'.
2012-11-05 17:31:03 +01:00
Norman Feske
c09cd2d1a7 Merge of initial SCM rights code
This patch, which was originally created by Christian Helmuth,
represents the first step towards using SCM rights as capability
mechanism on Linux. It employs the SCM rights mechanism for transmitting
a reply capability to the server as argument of each IPC call. The
server will then send its response to this reply file descriptor. This
way, the reply channel does not need to be globally visible anymore.
2012-11-05 17:31:03 +01:00
Norman Feske
76b60566b7 Whitespace fix 2012-11-05 17:28:51 +01:00
Alexander Boettcher
c1d59e81c2 NOVA: use latest kernel from github
Related to issue #431. Requires toolchain rebuild to bump version to 2.22 !!!

Fixes #429
2012-11-05 17:28:51 +01:00
Christian Helmuth
7c77d0ee5f Prevent compiler warnings
Fixes #464.
2012-11-05 10:57:29 +01:00
Christian Prochaska
c99dd8fdf8 Use 'CURDIR' make variable in Genode make files
The bash-builtin 'pwd' command uses the 'st_dev' and 'st_ino' members of
the 'stat' struct to compare the path from the 'PWD' environment variable
with the path returned by 'getcwd()'. These members don't get set
correctly in Noux and therefore the 'pwd' command sometimes returns wrong
results when building Genode in Noux. With this patch the 'CURDIR' make
variable gets used instead of calling 'pwd'.

Fixes #454.
2012-11-03 09:54:14 +01:00
Christian Prochaska
22cc867234 'Allocator_avl_base::free()': print error message
With this patch an error message gets printed in
'Allocator_avl_base::free()' if the given address is not the start address
of the allocated block.

Fixes #459.
2012-11-03 09:53:34 +01:00
Christian Prochaska
a48942bffc Fix warning in QPluginWidget test
Create the signal context object before the signal receiver object to get the
signal receiver destroyed before the signal context. This avoids a 'specified
signal-context capability has wrong type' warning when the signal receiver
tries to free its managed context on destruction.

Part of #448.
2012-11-03 09:52:19 +01:00
Christian Prochaska
d46c79b428 libc_lock_pipe: match alloc. and dealloc. funcs
Fixes #460.
2012-11-03 09:51:56 +01:00
Christian Prochaska
abf3867d39 Arora: add 'stdcxx.lib.so' to boot modules
Fixes #461.
2012-11-03 09:51:14 +01:00
Stefan Kalkowski
70dfe4fcd7 Fiasco.OC: forward CC, and CXX variables (fix #462)
When building the Fiasco.OC kernel, and L4Linux within the Genode build system,
forward the CC, and CXX variables. They might contain useful tools like ccache,
or distcc to speed up compilation. Moreover, don't delete the MAKEFLAGS when
building Fiasco.OC. It hinders parallel builds.
2012-11-03 09:50:37 +01:00
Stefan Kalkowski
518cbc5a5f L4Linux: no linux-kernel memcpy in cxx (fix #446)
Certain symbols from the libgcc_eh library in cxx that is linked with the
L4Linux kernel were resolved by using kernel internal implementations.
This led to errors because the complete Linux kernel is built regparm=3.
This patch prefixes the appropriate symbols in the Linux Kernel and its
modules. Moreover, it fixes some warnings introduced by the latest update
to gcc 4.7.
2012-11-03 09:49:04 +01:00
Christian Helmuth
20ddd1bcdc lwip: setup static IP if provided
Fixes #349.
2012-11-02 14:57:47 +01:00
Christian Helmuth
4d36c12d19 Reduce LOG noise due to disappeared clients
The message is disarmed in release mode (SPECS += release).

Fixes #310.
2012-11-02 13:35:45 +01:00
Norman Feske
d28b34b1fe Return value of correct type, reported by gcc-4.7 2012-11-01 17:06:05 +01:00
Norman Feske
19a996bcb9 Follow gcc's suggestions about using braces 2012-11-01 17:04:06 +01:00
Norman Feske
3772a526f6 Remove superfluous include 2012-11-01 17:04:06 +01:00
Norman Feske
d1de48e4a4 Fix narrowing issue reported by gcc-4.7 2012-11-01 17:04:03 +01:00
Norman Feske
ee2d45164e Fix possible int overflow reported by gcc-4.7 2012-11-01 17:03:13 +01:00
Norman Feske
009e93298a Add testnit to 'terminal_log.run'
Fixes #457.
2012-11-01 16:01:51 +01:00
Torsten Hilbrich
06ce0a8ef1 loader: Fix warnings about uninitialized variable
g++ 4.4.5 outputs the following warnings in our code using the loader
session:

.../base/include/base/capability.h: In member function 'typename Genode::Trait::Call_return<typename IF::Ret_type>::Type Genode::Capability<RPC_INTERFACE>::call() const [with IF = Loader::Session::Rpc_view_geometry, RPC_INTERFACE = Loader::Session]':
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::width' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::height' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::buf_x' may be used uninitialized in this function
.../base/include/base/capability.h:207: warning: 'ret.Genode::Capability<Loader::Session>::Return<Loader::Session::Rpc_view_geometry>::_value.Loader::Session::View_geometry::buf_y' may be used uninitialized in this function

This is easily fixed by providing a default constructor.

Because of the C++ rules regarding initializer lists, code that used
them for View_geometry had to be modified to use a normal construction
call.  In my tests only Nitpicker had to be changed.
2012-11-01 14:48:18 +01:00
Christian Helmuth
45f007fa9f Shell brace expansion is non-POSIX
Preparation of base-pistachio fails on Ubuntu with dash as /bin/sh as it
does not support non-POSIX features like brace expansion. In this case
expanding in the Makefile via $(addprefix ...) fixes this shortcoming.
2012-10-31 23:07:58 +01:00
Norman Feske
2a03c78dfb Update L4ka::Pistachio, fix gcc-4.7 problem
With the update to L4ka::Pistachio, we no longer need to patch the
contrib sources. Our patch went upstream in the meanwhile.

Apparently, gcc-4.7 is picky about specifying the '-melf_i386' argument
at the command line of the GCC frontend. We need to make sure to use the
'-Wl,' prefix.
2012-10-31 18:47:43 +01:00
Norman Feske
05e60691cb Add missing libs
The eglgears application depends on 'sqrt'. With the old tool chain,
this symbol was resolved through the dependencies of the 'gallium'
library. This does not work anymore for the new tool chain.

A similar issue arose for avplay, where we need to explicitly
state the av components in the LIBS declaration of the target.
2012-10-31 18:24:08 +01:00
Norman Feske
1fc7d4c573 Adapt binutils patch to version 2.22
Related to issue #346
2012-10-31 10:57:47 +01:00
Christian Prochaska
85b86a11b5 ports: binutils 2.22 and GCC 4.7.2 update 2012-10-30 18:16:25 +01:00
Christian Prochaska
dedfd3526d tool chain: binutils 2.22 and GCC 4.7.2 update 2012-10-30 18:16:19 +01:00
Christian Prochaska
e3b1063a36 tool chain: gcc-4.7.1 fixes 2012-10-30 18:16:05 +01:00
Taru Karttunen
443d611dd2 tool chain: switch to gcc-4.7.1 2012-10-30 18:15:27 +01:00
Christian Prochaska
0910e14de5 Fix OKLinux compile errors with GCC 4.7
Fixes #451.
2012-10-30 17:58:23 +01:00
Christian Prochaska
dc205e6937 base-hw: fix compile error with GCC 4.7
Fixes #438.
2012-10-30 17:47:52 +01:00
Norman Feske
18d881cf0f Split terminal implementation into multiple files
The terminal has a lot of bits that may be worth reusing outside the
single implementation. Those bits are now located at 'include/terminal'
in the gems repository.
2012-10-30 12:25:19 +01:00
Norman Feske
6fba73ee1d Add built-in font sizes (8, 12, 16) to terminal 2012-10-30 12:25:19 +01:00
Norman Feske
fb452ce6ba Add const qualifiers 2012-10-30 12:25:19 +01:00
Christian Prochaska
1389b63050 base-foc: fix capability index leak
Call the destructor of the thread context object on thread destruction to
remove any contained capability references.

Fixes #393.
2012-10-30 12:18:31 +01:00
Christian Prochaska
ecb6947f9c Noux: fix 'Rm_session_component' destructor
Fixes #434.
2012-10-30 12:17:43 +01:00
Christian Prochaska
8b09418e56 base-foc: fix 'Genode::parent_cap()'
Replacing the local name of a capability index object which exists in the
capability map can destroy the AVL tree order of the capability map. With
this patch the outdated object gets removed from the map and a new object
gets inserted afterwards.

Fixes #435.
2012-10-30 12:17:20 +01:00
Christian Prochaska
5a88e106df Define '__dso_handle' in shared libraries.
The '__dso_handle' symbol is needed when building with GCC 4.7.

Fixes #437.
2012-10-30 12:17:00 +01:00
Christian Prochaska
9d08c2b675 libports: update Qoost to version ce3d328928
Update Qoost to version ce3d328928 for GCC 4.7 support.

Fixes #408.
2012-10-30 12:16:45 +01:00
Christian Prochaska
9b68c1a3a8 lynx: add libcrypto to 'LIBS'
Fixes #447.
2012-10-30 12:13:39 +01:00
Christian Helmuth
2f357a7224 Firewall-friendly download methods for contrib src
After this commit "make prepare" uses HTTP, HTTPS, or FTP where possible
for downloading third-party source codes. This prevents problems with
strict firewall rules where only selected ports are usable.

Unfortunately, git.l4android.org does not support Git via HTTP and,
therefore, the sources need a working Git port (9418).

Fixes #443.
2012-10-30 12:12:42 +01:00
Norman Feske
746f3d4603 Add missing variable initialization 2012-10-30 12:06:55 +01:00
Christian Helmuth
fef2551af4 lx_hybrid: revive missing errno test 2012-10-29 10:08:30 +01:00
Stefan Kalkowski
4a92eb5660 Implement VMM for Linux in VEA9x4 normal-world 2012-10-29 10:08:30 +01:00