Commit Graph

206 Commits

Author SHA1 Message Date
Norman Feske
5a1cef6381 Make label prefixing more strict
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.

As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).

Fixes #2171
2016-11-30 13:37:07 +01:00
Norman Feske
784e728727 Clean ldso from using deprecated APIs
Issue #1987
2016-11-08 15:26:32 +01:00
Norman Feske
e370e08e01 Define Genode::size_t as unsigned long
Fixes #2105
2016-10-21 12:39:29 +02:00
Norman Feske
17c79a9e23 base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.

While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).

To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.

Issue #1987
2016-08-29 17:27:10 +02:00
Stefan Kalkowski
7f8f0f50ea block layer: transition to new API
Ref #1987
Fix #2058
2016-08-29 17:23:20 +02:00
Emery Hemingway
7547820af6 server/rump_fs: local symlink target termination
Clients may write symlink targets with or without null-termination.

Fixes #2043
2016-08-10 11:07:46 +02:00
Emery Hemingway
f8337b511b Move Session_label from os to base
Session_label constructor now takes a bare string rather than a
serialized argument buffer.
Replace all instances of previous constructor with 'label_from_args'
function.

Issue #1787
2016-07-11 13:09:24 +02:00
Emery Hemingway
632444ae23 server/rump_fs: transition to the new base API
Use new env, component and logging frameworks.
Sync file system and block device on component entrypoint.
Support for 'root' session argument.
Increase Rump open file descriptor limit.

Issue #1987
Fixes #2011
2016-06-28 11:09:26 +02:00
Emery Hemingway
8ae2f65da8 uniform XML boolean attribute access
Replace 'attribute(...).has_value("yes")`
with 'attribute_value(..., false)'.

This allows for boolean configuration to be set with values such as
"true", "false", "yes", "no", or "1", "0".

Fixes #2002
2016-06-22 12:21:42 +02:00
Emery Hemingway
51e8f05fb6 Ajdust run scenarios for strict policy matching
Issue #1901
2016-06-22 12:21:41 +02:00
Emery Hemingway
f06087625f server/rump_fs: skip . and .. directory elements
Do not return elements for '.' and '..' during directory reads.

Fixes #1998
2016-06-06 12:12:54 +02:00
Stefan Kalkowski
7f0c3eee6d rump_fs: set inode in Directory::read accordingly
Fix #1989
2016-06-04 13:45:26 +02:00
Norman Feske
807be83b1b Remove inconsistent use of 'is_' prefix
Fixes #1963
2016-05-23 15:52:39 +02:00
Norman Feske
fd401bdf53 Thread API cleanup
This patch cleans up the thread API and comes with the following
noteworthy changes:

- Introduced Cpu_session::Weight type that replaces a formerly used
  plain integer value to prevent the accidental mix-up of
  arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
  Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
  The original constructors are now marked as deprecated. For the
  common use case where the default 'Weight' and 'Affinity' are
  used, a shortcut is provided. In the long term, those two
  constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
  'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
  object as centrally defined via 'Cpu_session::Name'. It is meant to
  replace the old-fashioned 'name' method that takes a buffer and size
  as arguments.
- Adaptation of the thread test to the new API

Issue #1954
2016-05-23 15:49:55 +02:00
Norman Feske
3bceefc9cf Omit superfluous use of "CAP"/"SIGNAL" services
The functionality of the former "CAP" and "SIGNAL" services is now
provided by core's "PD" service.
2016-05-09 13:24:51 +02:00
Emery Hemingway
52cc50174f Amend File_system session with SEEK_TAIL support
Used to read or write from the end of a file when multiple packets may
be in transit.

Supported by ram_fs, rump_fs, and vfs servers.

Fixes #1775
2016-05-09 13:10:53 +02:00
Norman Feske
511acad507 Consolidate RM service into PD session
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.

Note the API change:

With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.

The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.

Issue #1938
2016-05-09 13:10:51 +02:00
Emery Hemingway
cb952d2087 obscure File_system::Out_of_node_handles exception
Replace the Out_of_node_handles exception with Out_of_metadata.
Clients need to know when the server is out of internal resources,
but not why.

Cleanup and sort the errors at file_system_session.h.
Remove 'Size_limit_reached exception' from File_system, which was
internal to ram_fs.

Issue #1751
Fixes #1909
2016-04-25 10:47:52 +02:00
Stefan Kalkowski
5085ad36c3 tool: remove deprecated 'make prepare' mechanism
Fix #1897
2016-03-17 17:02:04 +01:00
Sebastian Sumpf
6b1923bbe6 rump_fs: handle non-existing root directory 2016-02-12 09:17:23 +01:00
Emery Hemingway
2d50552522 Remove Genode namespace from File_system
Fixes #1845
2016-01-08 14:48:52 +01:00
Emery Hemingway
20dc750d6a Update run scenarios for policy label matching
Issue #1766
2015-11-29 18:17:06 +01:00
Christian Helmuth
a01b1793eb dde_rump: fix race condition in rumpuser_mtx
The new mutex is a binary semaphore based on the implementation of
Genode::Semaphore using an applicant FIFO.
2015-11-18 12:22:06 +01:00
Christian Helmuth
60fa8ade1a dde_rump: propagate CC_OLEVEL to buildrump.sh
This effectively enables configuring builds with -O0 for rump sources.
Note, if the build directory is not clean, at least var/libcache/rump*
should be removed before building with changed etc/tools.conf.
2015-11-18 12:22:05 +01:00
Christian Helmuth
5c6f7bdea0 dde_rump: remove static globals 2015-11-18 12:22:05 +01:00
Emery Hemingway
2da239d0c8 void sync(char const *path)
Sync now takes a path argument at VFS and File system interfaces.

Issue #1648
2015-11-04 14:09:23 +01:00
Norman Feske
67b3c23281 dde_rump: adaptation to Xml_node change 2015-10-06 12:18:56 +02:00
Alexander Boettcher
6426d4098c dde_rump: handle ENOENT error case
Related to #1687
2015-09-30 17:13:11 +02:00
Stefan Kalkowski
ed52d5a211 Introduce 'spec' subdirectories to outline aspects
Instead of holding SPEC-variable dependent files and directories inline
within the repository structure, move them into 'spec' subdirectories
at the corresponding levels, e.g.:

  repos/base/include/spec
  repos/base/mk/spec
  repos/base/lib/mk/spec
  repos/base/src/core/spec
  ...

Moreover, this commit removes the 'platform' directories. That term was
used in an overloaded sense. All SPEC-relative 'platform' directories are
now named 'spec'. Other files, like for instance those related to the
kernel/architecture specific startup library, where moved from 'platform'
directories to explicit, more meaningful places like e.g.: 'src/lib/startup'.

Fix #1673
2015-09-16 13:58:50 +02:00
Emery Hemingway
2f1db06deb rump_fs/fuse_fs/lx_fs/ram_fs: symlink fixup
Allow symlinks to be passed to the read and write file system utilities.

Disallow writes to symlinks with offsets in file system servers, this is
to ensure that writing the target of a symlink is an atomic operation.

Fixes #1604
2015-07-21 09:40:19 +02:00
Emery Hemingway
64831c63c9 rump_fs: move files using 'renameat'
Fixes #1579
2015-07-21 09:29:41 +02:00
Emery Hemingway
cec2dd3b3f unify file system utilities to os/include/file_system
Fixes #1564
2015-06-22 14:43:36 +02:00
Emery Hemingway
5fc8ed3e6b file system servers must not use null tx buffers
Fixes #1534
2015-05-26 09:40:04 +02:00
Christian Prochaska
493bcc80df dde_rump: don't build non-Genode shared libraries
Fixes #1512
2015-05-26 09:39:48 +02:00
Emery Hemingway
55c0a947e4 Move generic fs helpers to os/include/file_system
Fixes #1488
2015-05-06 10:55:17 +02:00
Norman Feske
eaab23c012 base: const-correctness of Allocator interface
This patch adds const qualifiers to the functions Allocator::consumed,
Allocator::overhead, Allocator::avail, and Range_allocator::valid_addr.

Fixes #1481
2015-04-17 16:13:22 +02:00
Stefan Kalkowski
1e3c80ff5b arm: enable cpu cortex_a15 compiler flag
To enable the usage of virtualization extension related instructions
there is the need to enable the '-mcpu=cortex_a15' compiler flag on
those cpus. To not conflict with other compiler flags (Ref #810) we've
to disable the '-march=arm_v7a' flag.

Ref #1405
2015-02-27 11:48:04 +01:00
Sebastian Sumpf
c13fbff8c1 rump: Silence build process
The 'dest' target is renamed in the updated rump version  to 'dest.stage'. This
triggered some building steps, even when the targets already existed.

Issue #1409
2015-02-27 11:43:56 +01:00
Sebastian Sumpf
47b0b9b689 rump: Enable single CPU lock semantics
* Compile in single CPU support only
* Fix 'try_enter' semtantic for mutexes
* Unschedule when entering RW locks

Issue #1409
2015-02-27 11:43:56 +01:00
Sebastian Sumpf
422923cc95 rump: Add 'get_random_backend' function
A rump server may now implement its own random number generator, the default
impelementation will not generate random number.

Issue #1409
2015-02-27 11:43:55 +01:00
Sebastian Sumpf
7ecd83373c rump: Reduce startup latency
Since rump now requires large buffers of random numbers (>= 512 bytes), use the
jitterentropy library instead of the slow timer pseudo random number generation.

Fixes #1393
2015-02-16 13:40:35 +01:00
Christian Helmuth
e479b9e8e8 ports: also hash patches with absolute path names
Fixes #1305
2015-01-27 12:17:53 +01:00
Josef Söntgen
88f62b0988 autopilot: adapt runscripts to new run tool
Related to #1372.
2015-01-26 12:28:41 +01:00
Stefan Kalkowski
28112d1ff9 rump: exclude ARM architectures apart from v7
Ref #1366
2015-01-20 11:23:50 +01:00
Josef Söntgen
f01472b308 dde_rump: Update to current version
Issue #1361
2015-01-20 11:23:49 +01:00
Sebastian Sumpf
8b0f9fd82a rump: Use shared library interface
Remove DL-interface

Fixes #1280
2014-11-12 14:44:15 +01:00
Christian Helmuth
0b5f901e58 Log name of exiting child from Child::exit()
Fixes #1243.
2014-09-11 10:23:39 +02:00
Stefan Kalkowski
786fe805da base: introduce caching attributes (fix #1184)
On ARM it's relevant to not only distinguish between ordinary cached memory
and write-combined one, but also having non-cached memory too. To insert the
appropriated page table entries e.g.: in the base-hw kernel, we need to preserve
the information about the kind of memory from allocation until the pager
resolves a page fault. Therefore, this commit introduces a new Cache_attribute
type, and replaces the write_combined boolean with the new type where necessary.
2014-06-26 10:57:26 +02:00
Josef Söntgen
0f4d525eda dde_rump: implement rumpuser_dprintf()
Though we do not actually need this function, it is helpful while
debugging.

Fixes #1141.
2014-06-06 14:54:30 +02:00
Josef Söntgen
43cb97cd83 dde_rump: fix int casting warnings
Fixes #1141.
2014-06-06 14:54:30 +02:00
Josef Söntgen
65bdddbbdf dde_rump: rump_iso compare output on 64bit systems
Fixes #1141.
2014-06-06 14:54:30 +02:00
Norman Feske
615830e107 Enable hash checks for ports mechanism 2014-05-27 13:45:03 +02:00
Josef Söntgen
9e443c78db dde_rump: migrate to new ports mechanism
Issue #1082
2014-05-27 11:14:46 +02:00
Josef Söntgen
e777165090 dde_rump: block encryption server using cgd(4)
The 'rump_cgd' server provides block level encryption for a block
session by employing the 'cgd(4)' device provided by the rumpkernel.

'rump_cgd' uses a Block_session to get access to an existing block
device and provides another Block_session to its clients. Each block
written or read by the client is transperently encrypted or decrypted
by the server.

For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable
to generate a configuration. The used cipher is hardcoded to
_aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to
serve one client only.

To ease the usage, its interface is modelled after the interface of
'cgdconfig(8)'. As implications thereof the key must have the same
format as used by 'cgdconfig'. That means the key is a base 64 encoded
string in which the first 4 bytes denote the actual length of the key
in bits (these 4 bytes are stored in big endian order).

Preparing a raw (e.g. without partition table) encrypted Ext2 disk
image is done by executing 'tool/rump':

! dd if=/dev/urandom of=/path/to/disk_image
! rump -c /path/to/disk_image # key is printed to stdout
! rump -c -k <key> -F ext2fs /path/to/disk_image

To use this disk image the following config snippet can be used:

! <start name="rump_cgd">
! 	<resource name="RAM" quantum="8M" />
! 	<provides><service name="Block"/></provides>
! 	<config action="configure">
! 		<params>
! 			<method>key</method>}
! 			<key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key>
! 		</params>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="ahci"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

the Block service provided by rump_cgd may be used by a file system
server in return:

! <start name="rump_fs">
! 	<resource name="RAM" quantum="16M"/>
! 	<provides><service name="File_system"/></provides>
! 	<config fs="ext2fs">
! 		<policy label="" root="/" writeable="yes"/>
! 	</config>
! 	<route>
! 		<service name="Block"> <child name="rump_cgd"/> </service>
! 		<any-service> <parent/> <any-child/> </any-service>
! 	</route>
! </start>

Since 'tool/rump' just utilizes the rumpkernel running on the host
system to do its duty there is a script called 'tool/cgdconf' that
extracts the key from a 'cgdconfig(8)' generated configuration file
and also is able to generade such a file from a given key. Thereby
the interoperabilty between 'rump_cgd' and the general rumpkernel
based tools is secured.
2014-05-27 11:14:45 +02:00
Josef Söntgen
c04ddbf6d8 dde_rump: move memcpy() to rump lib
On ARM in one way or another 'string.h' prototypes will be used. Move
the definitions from rump_fs to the rump library because it is needed
by all rump based servers running on ARM.

Issue #1141.
2014-05-27 11:14:45 +02:00
Norman Feske
ca971bbfd8 Move repositories to 'repos/' subdirectory
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.

Issue #1082
2014-05-14 16:08:00 +02:00