mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-28 07:04:14 +00:00
20d8655a7f
Genode used to create new processes by directly forking from the respective Genode parent using the process library. The forking process created a PD session at core merely for propagating the PID of the new process into core (for later destruction). This traditional mechanisms has the following disadvantages: First, the PID reported by the creating process to core cannot easily be validated by core. Therefore core has to trust the PD client to not specify a PID of an existing process, which would happen to be killed once the PD session gets destructed. This problem is documented by issue #318. Second, there is no way for a Genode process to detect the failure of its any grandchildren. The immediate parent of a faulting process could use the SIGCHLD-and-waitpid mechanism to observe its children but this mechanism does not work transitively. By performing the process creation exclusively within core, all Genode processes become immediate child processes of core. Hence, core can respond to failures of any of those processes and reflect such conditions via core's session interfaces. Furthermore, the PID associated to a PD session is locally known within core and cannot be forged anymore. In fact, there is actually no need at all to make processes aware of any PIDs of other processes. Please note that this patch breaks the 'chroot' mechanism that comes in the form of the 'os/src/app/chroot' program. Because all processes are forked from core, a chroot'ed process could sneak outside its chroot environment by just creating a new Genode process. To address this issue, the chroot mechanism must be added to core.
83 lines
2.4 KiB
C++
83 lines
2.4 KiB
C++
/*
|
|
* \brief Client-side CPU session interface
|
|
* \author Norman Feske
|
|
* \date 2012-08-09
|
|
*/
|
|
|
|
/*
|
|
* Copyright (C) 2006-2012 Genode Labs GmbH
|
|
*
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
* under the terms of the GNU General Public License version 2.
|
|
*/
|
|
|
|
#ifndef _INCLUDE__LINUX_CPU_SESSION__CLIENT_H_
|
|
#define _INCLUDE__LINUX_CPU_SESSION__CLIENT_H_
|
|
|
|
#include <linux_cpu_session/linux_cpu_session.h>
|
|
#include <base/rpc_client.h>
|
|
|
|
namespace Genode {
|
|
|
|
struct Linux_cpu_session_client : Rpc_client<Linux_cpu_session>
|
|
{
|
|
explicit Linux_cpu_session_client(Capability<Linux_cpu_session> session)
|
|
: Rpc_client<Linux_cpu_session>(session) { }
|
|
|
|
Thread_capability create_thread(Name const &name, addr_t utcb = 0) {
|
|
return call<Rpc_create_thread>(name, utcb); }
|
|
|
|
Ram_dataspace_capability utcb(Thread_capability thread) {
|
|
return call<Rpc_utcb>(thread); }
|
|
|
|
void kill_thread(Thread_capability thread) {
|
|
call<Rpc_kill_thread>(thread); }
|
|
|
|
int set_pager(Thread_capability thread, Pager_capability pager) {
|
|
return call<Rpc_set_pager>(thread, pager); }
|
|
|
|
int start(Thread_capability thread, addr_t ip, addr_t sp) {
|
|
return call<Rpc_start>(thread, ip, sp); }
|
|
|
|
void pause(Thread_capability thread) {
|
|
call<Rpc_pause>(thread); }
|
|
|
|
void resume(Thread_capability thread) {
|
|
call<Rpc_resume>(thread); }
|
|
|
|
void cancel_blocking(Thread_capability thread) {
|
|
call<Rpc_cancel_blocking>(thread); }
|
|
|
|
int state(Thread_capability thread, Thread_state *dst_state) {
|
|
return call<Rpc_state>(thread, dst_state); }
|
|
|
|
void exception_handler(Thread_capability thread, Signal_context_capability handler) {
|
|
call<Rpc_exception_handler>(thread, handler); }
|
|
|
|
void single_step(Thread_capability thread, bool enable) {
|
|
call<Rpc_single_step>(thread, enable); }
|
|
|
|
unsigned num_cpus() const {
|
|
return call<Rpc_num_cpus>(); }
|
|
|
|
void affinity(Thread_capability thread, unsigned cpu) {
|
|
call<Rpc_affinity>(thread, cpu); }
|
|
|
|
|
|
/*****************************
|
|
* Linux-specific extension **
|
|
*****************************/
|
|
|
|
void thread_id(Thread_capability thread, int pid, int tid) {
|
|
call<Rpc_thread_id>(thread, pid, tid); }
|
|
|
|
Untyped_capability server_sd(Thread_capability thread) {
|
|
return call<Rpc_server_sd>(thread); }
|
|
|
|
Untyped_capability client_sd(Thread_capability thread) {
|
|
return call<Rpc_client_sd>(thread); }
|
|
};
|
|
}
|
|
|
|
#endif /* _INCLUDE__LINUX_CPU_SESSION__CLIENT_H_ */
|