mirror of
https://github.com/genodelabs/genode.git
synced 2025-04-08 20:05:54 +00:00
On Linux, Genode used to represent each RPC object by a socket descriptor of the receiving thread (entrypoint) and a globally-unique value that identifies the object. Because the latter was transferred as plain message payload, clients had to be trusted to not forge the values. For this reason, Linux could not be considered as a productive Genode base platform but remained merely a development vehicle.

This patch changes the RPC mechanism such that each RPC object is represented by a dedicated socket pair. Entrypoints wait on a set of the local ends of the socket pairs of all RPC objects managed by the respective entrypoint. The epoll kernel interface is used as the underlying mechanism to wait for a set of socket descriptors at the server side.

When delegating a capability, the remote end of the socket pair is transferred to the recipient along with a plaintext copy of the socket-descriptor value of the local end. The latter value serves as a hint for re-identifying a capability whenever it is delegated back to its origin. Note that the client is not trusted to preserve this information. The integrity of the hint value is protected by comparing the inode values of incoming and already present capabilities at the originating site (whenever the capability is invoked or presented to the owner of the RPC object).

The new mechanism effectively equips base-linux with Genode's capability model as described in Chapter 3 of the Genode Foundations book. That said, the sandboxing of components cannot be assumed at this point because each component has still direct access to the Linux system-call interface.

This patch is based on the extensive exploration work conducted by Stefan Thoeni who strongly motivated the inclusion of this feature into Genode.

Issue #3581
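The hint check described in the commit message above, as an added C sketch that is not Genode's code: the owner resolves an incoming descriptor and its untrusted hint to an RPC object only if the descriptor's inode matches the one already stored at the hinted slot. The table layout, the function names, the socket type, and the idea that the owner keeps the remote end for comparison are assumptions; `dup()` stands in for a descriptor delegated back via `SCM_RIGHTS`.

```c
/* Added example, not Genode code: names and table layout are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_OBJS 64

/* One entry per RPC object, indexed by the local descriptor value (the hint). */
struct rpc_object { bool used; int local_sd; int remote_sd; };
static struct rpc_object objects[MAX_OBJS];

/* Create the dedicated socket pair of a new RPC object; returns the hint or -1. */
int rpc_object_create(void)
{
    int sd[2];
    /* SOCK_SEQPACKET is an assumption; the page does not name the socket type. */
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sd) < 0) return -1;
    if (sd[0] >= MAX_OBJS) { close(sd[0]); close(sd[1]); return -1; }
    objects[sd[0]] = (struct rpc_object){ true, sd[0], sd[1] };
    return sd[0];
}

/* True if both descriptors refer to the same socket (same device and inode). */
static bool same_socket(int a, int b)
{
    struct stat sa, sb;
    if (fstat(a, &sa) < 0 || fstat(b, &sb) < 0) return false;
    return sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}

/* Resolve an incoming capability; the hint is only an index and is never trusted. */
int rpc_object_lookup(int incoming_sd, long hint)
{
    if (hint < 0 || hint >= MAX_OBJS || !objects[hint].used) return -1;
    if (!same_socket(incoming_sd, objects[hint].remote_sd)) return -1;
    return objects[hint].local_sd;
}

int main(void)
{
    int a = rpc_object_create(), b = rpc_object_create();
    if (a < 0 || b < 0) return 1;
    int back = dup(objects[a].remote_sd); /* simulated delegation back to the owner */
    printf("honest hint -> %d, forged hint -> %d\n",
           rpc_object_lookup(back, a), rpc_object_lookup(back, b));
    return 0;
}
```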

                      =================================
                      Genode Operating System Framework
                      =================================


This is the source tree of the reference implementation of the Genode OS
architecture. For a general overview of the architecture, please refer to the
project's official website:

:Official project website for the Genode OS Framework:

  [https://genode.org/documentation/general-overview]

The current implementation can be compiled for 8 different kernels: Linux,
L4ka::Pistachio, L4/Fiasco, OKL4, NOVA, Fiasco.OC, seL4, and a custom kernel
for running Genode directly on ARM-based hardware. Whereas the Linux version
serves us as a development vehicle and enables us to rapidly develop the
generic parts of the system, the actual target platforms of the framework are
microkernels. There is no "perfect" microkernel - and neither should there be
one. If a microkernel pretended to be fit for all use cases, it wouldn't be
"micro". Hence, all microkernels differ in terms of their respective features,
complexity, and supported hardware architectures.

Genode allows the use of each of the kernels listed above with a rich set of
device drivers, protocol stacks, libraries, and applications in a uniform way.
For developers, the framework provides an easy way to target multiple
different kernels instead of tying the development to a particular kernel
technology. For kernel developers, Genode contributes advanced workloads,
stress-testing their kernel, and enabling a variety of application use cases
that would not be possible otherwise. For users and system integrators, it
enables the choice of the kernel that fits best with the requirements at hand
for the particular usage scenario.


Documentation
#############

The primary documentation is the book "Genode Foundations", which is available
on the front page of the Genode website:

:Download the book "Genode Foundations":

  [https://genode.org]

The book describes Genode in a holistic and comprehensive way. It equips you
with a thorough understanding of the architecture, assists developers with the
explanation of the development environment and system configuration, and
provides a look under the hood of the framework. Furthermore, it contains the
specification of the framework's programming interface.

The project has a quarterly release cycle. Each version is accompanied by
detailed release documentation, which is available at the documentation
section of the project website:

:Release documentation:

  [https://genode.org/documentation/release-notes/]


Directory overview
##################

The source tree is composed of the following subdirectories:

:'doc':

  This directory contains general documentation. Please consider the following
  document for a quick guide to get started with the framework:

  ! doc/getting_started.txt

  If you are curious about the ready-to-use components that come with the
  framework, please review the components overview:

  ! doc/components.txt

:'repos':

  This directory contains the so-called source-code repositories of Genode.
  Please refer to the README file in the 'repos' directory to learn more
  about the roles of the individual repositories.

:'tool':

  Source-code management tools and scripts. Please refer to the README file
  contained in the directory.

:'depot' and 'public':

  Local depot and public archive of Genode packages. Please refer to

  ! doc/depot.txt

  for more details.


Additional community-maintained components
##########################################

The components found within the main source tree are complemented by a growing
library of additional software, which can be seamlessly integrated into Genode
system scenarios.

:Genode-world repository:

  [https://github.com/genodelabs/genode-world]


Contact
#######

The best way to get in touch with Genode developers and users is the project's
mailing list. Please feel welcome to join in!

:Genode Mailing Lists:

  [https://genode.org/community/mailing-lists]


Commercial support
##################

The driving force behind the Genode OS Framework is the German company Genode
Labs. The company offers commercial licensing, trainings, support, and
contracted development work:

:Genode Labs website:

  [https://www.genode-labs.com]
Languages: C++ 73.9%, C 17.8%, Makefile 4.4%, Tcl 1.3%, PHP 0.9%, Other 1.5%