ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-01-19 11:16:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
ed0cc5330e
genode/repos/base/include/base/quota_transfer.h
Norman Feske 5ed5fddb7c base/os: remove deprecated APIs 
This commit removes APIs that were previously marked as deprecated. This
change has the following implications:

- The use of the global 'env()' accessor is not possible anymore.
- Boolean accessor methods are no longer prefixed with 'is_'. E.g.,
  instead of 'is_valid()', use 'valid()'.
- The last traces of 'Ram_session' are gone now. The 'Env::ram()'
  accessor returns the 'Ram_allocator' interface, which is a subset of
  the 'Pd_session' interface.
- All connection constructors need the 'Env' as argument.
- The 'Reporter' constructor needs an 'Env' argument now because the
  reporter creates a report connection.
- The old overload 'Child_policy::resolve_session_request' that returned
  a 'Service' does not exist anymore.
- The base/printf.h header has been removed, use base/log.h instead.
- The old notion of 'Signal_dispatcher' is gone. Use 'Signal_handler'.
- Transitional headers like os/server.h, cap_session/,
  volatile_object.h, os/attached*_dataspace.h, signal_rpc_dispatcher.h
  have been removed.
- The distinction between 'Thread_state' and 'Thread_state_base' does
  not exist anymore.
- The header cpu_thread/capability.h along with the type definition of
  'Cpu_thread_capability' has been removed. Use the type
  'Thread_capability' define in cpu_session/cpu_session.h instead.
- Several XML utilities (i.e., at os/include/decorator) could be removed
  because their functionality is nowadays covered by util/xml_node.h.
- The 'os/ram_session_guard.h' has been removed.
  Use 'Constrained_ram_allocator' provided by base/ram_allocator.h instead.

Issue #1987
2019-02-26 14:44:15 +01:00

154 lines
3.9 KiB
C++
Raw Blame History

/*
* \brief Utility for implementing transactional quota transfers
* \author Norman Feske
* \date 2017-04-28
*/
/*
* Copyright (C) 2017 Genode Labs GmbH
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU Affero General Public License version 3.
*/
#ifndef _INCLUDE__BASE__QUOTA_TRANSFER_H_
#define _INCLUDE__BASE__QUOTA_TRANSFER_H_
#include <base/capability.h>
#include <pd_session/pd_session.h>
namespace Genode {
template <typename SESSION, typename UNIT> class Quota_transfer;
typedef Quota_transfer<Pd_session, Ram_quota> Ram_transfer;
typedef Quota_transfer<Pd_session, Cap_quota> Cap_transfer;
}
/**
* Guard for transferring quota donation
*
* This class template is used to transfer quotas in a transactional way.
* Establishing a new session involves several steps, in particular subsequent
* quota transfers. If one intermediate step fails, we need to revert all quota
* transfers that already took place. When instantiated at a local scope, a
* transfer object guards a quota transfer. If the scope is left without an
* explicit prior acknowledgement of the transfer (for example via an
* exception), the destructor the transfer object reverts the transfer in
* flight.
*/
template <typename SESSION, typename UNIT>
class Genode::Quota_transfer
{
public:
class Quota_exceeded : Exception { };
struct Account : Noncopyable, Interface
{
/**
* Return capability used for transfers to the account
*
* The 'UNIT' argument is solely used as an overload selector
* to disambiguate the 'cap' methods of multiple inherited
* 'Account' types (as done by 'Service').
*/
virtual Capability<SESSION> cap(UNIT) const
{
return Capability<SESSION>();
}
/**
* Transfer quota to the specified account
*
* \throw Out_of_ram
* \throw Out_of_caps
* \throw Invalid_session
* \throw Undefined_ref_account
*/
virtual void transfer(Capability<SESSION>, UNIT) { }
/**
* Try to transfer quota, ignoring possible exceptions
*
* This method is solely meant to be used in destructors.
*/
void try_transfer(Capability<SESSION> to, UNIT amount)
{
try { transfer(to, amount); } catch (...) { }
}
};
/**
* Account implementation that issues quota transfers via RPC
*/
struct Remote_account : Account
{
Capability<SESSION> _cap;
SESSION &_session;
Remote_account(SESSION &session, Capability<SESSION> cap)
: _cap(cap), _session(session) { }
Capability<SESSION> cap(UNIT) const override { return _cap; }
void transfer(Capability<SESSION> to, UNIT amount) override
{
if (to.valid()) _session.transfer_quota(to, amount);
}
};
private:
bool _ack;
UNIT const _amount;
Account &_from;
Account &_to;
public:
/**
* Constructor
*
* \param amount amount of quota to transfer
* \param from donor account
* \param to receiving account
*/
Quota_transfer(UNIT amount, Account &from, Account &to)
:
_ack(false), _amount(amount), _from(from), _to(to)
{
if (!_from.cap(UNIT()).valid() || !_to.cap(UNIT()).valid())
return;
try { _from.transfer(_to.cap(UNIT()), amount); }
catch (typename SESSION::Undefined_ref_account) { }
catch (typename SESSION::Invalid_session) { }
catch (... /* 'Out_of_ram' / 'Out_of_caps' */) {
throw Quota_exceeded(); }
}
/**
* Destructor
*
* The destructor will be called when leaving the scope of the
* 'session' function. If the scope is left because of an error
* (e.g., an exception), the donation will be reverted.
*/
~Quota_transfer()
{
if (_ack || !_from.cap(UNIT()).valid() || !_to.cap(UNIT()).valid())
return;
_to.try_transfer(_from.cap(UNIT()), _amount);
}
/**
* Acknowledge quota donation
*/
void acknowledge() { _ack = true; }
};
#endif /* _INCLUDE__BASE__QUOTA_TRANSFER_H_ */
Reference in New Issue View Git Blame Copy Permalink