Source-Changes-HG archive


[src/trunk]: src Move sysproxy support into a separate component, rumpkern_sy...



details:   https://anonhg.NetBSD.org/src/rev/3daa6ddbaff1
branches:  trunk
changeset: 805604:3daa6ddbaff1
user:      pooka <pooka%NetBSD.org@localhost>
date:      Wed Jan 07 22:24:03 2015 +0000

description:
Move sysproxy support into a separate component, rumpkern_sysproxy,
instead of it being always provided by the rump kernel base.  This
move accomplishes two things:

1) it is no longer necessary to provide sysproxy hypercall stubs for
   platforms which do not want to use sysproxy
2) it is easier to reason about the security aspects, since configurations
   not linking the sysproxy component simply do not support remote
   system calls

discussed on rumpkernel-users

diffstat:

 sys/rump/kern/Makefile.rumpkerncomp         |    4 +-
 sys/rump/kern/lib/libsysproxy/Makefile      |   11 +
 sys/rump/kern/lib/libsysproxy/sysproxy.c    |  212 ++++++++++++++++++++++++
 sys/rump/librump/rumpkern/Makefile.rumpkern |    4 +-
 sys/rump/librump/rumpkern/rump.c            |   44 ++++-
 sys/rump/librump/rumpkern/rump_private.h    |   60 +++++-
 sys/rump/librump/rumpkern/sysproxy.c        |  246 ----------------------------
 tests/dev/md/Makefile                       |    5 +-
 tests/fs/ffs/Makefile                       |    5 +-
 tests/fs/vfs/Makefile                       |    5 +-
 tests/rump/rumpkern/h_server/Makefile       |    4 +-
 usr.bin/rump_server/Makefile                |    5 +-
 12 files changed, 323 insertions(+), 282 deletions(-)

diffs (truncated from 754 to 300 lines):

diff -r 63f98c1ee438 -r 3daa6ddbaff1 sys/rump/kern/Makefile.rumpkerncomp
--- a/sys/rump/kern/Makefile.rumpkerncomp       Wed Jan 07 20:50:36 2015 +0000
+++ b/sys/rump/kern/Makefile.rumpkerncomp       Wed Jan 07 22:24:03 2015 +0000
@@ -1,9 +1,9 @@
-#      $NetBSD: Makefile.rumpkerncomp,v 1.10 2014/04/02 19:37:17 pooka Exp $
+#      $NetBSD: Makefile.rumpkerncomp,v 1.11 2015/01/07 22:24:03 pooka Exp $
 #
 
 .include <bsd.own.mk>
 
-RUMPKERNCOMPS= crypto tty z
+RUMPKERNCOMPS= crypto sysproxy tty z
 
 .if ${MKSLJIT} != "no"
 RUMPKERNCOMPS+=        sljit
diff -r 63f98c1ee438 -r 3daa6ddbaff1 sys/rump/kern/lib/libsysproxy/Makefile
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/rump/kern/lib/libsysproxy/Makefile    Wed Jan 07 22:24:03 2015 +0000
@@ -0,0 +1,11 @@
+#      $NetBSD: Makefile,v 1.1 2015/01/07 22:24:04 pooka Exp $
+#
+
+LIB=   rumpkern_sysproxy
+
+SRCS=  sysproxy.c
+
+CPPFLAGS+= -I${RUMPTOP}/librump/rumpkern
+
+.include <bsd.lib.mk>
+.include <bsd.klinks.mk>
diff -r 63f98c1ee438 -r 3daa6ddbaff1 sys/rump/kern/lib/libsysproxy/sysproxy.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sys/rump/kern/lib/libsysproxy/sysproxy.c  Wed Jan 07 22:24:03 2015 +0000
@@ -0,0 +1,212 @@
+/*     $NetBSD: sysproxy.c,v 1.1 2015/01/07 22:24:04 pooka Exp $       */
+
+/*
+ * Copyright (c) 2010, 2011 Antti Kantee.  All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <sys/cdefs.h>
+__KERNEL_RCSID(0, "$NetBSD: sysproxy.c,v 1.1 2015/01/07 22:24:04 pooka Exp $");
+
+#include <sys/param.h>
+#include <sys/filedesc.h>
+#include <sys/kmem.h>
+#include <sys/syscall.h>
+#include <sys/syscallvar.h>
+#include <sys/systm.h>
+#include <sys/xcall.h>
+
+#define _RUMP_SYSPROXY
+#include <rump/rumpuser.h>
+
+#include "rump_private.h"
+
+int
+rump_init_server(const char *url)
+{
+
+       return rumpuser_sp_init(url, ostype, osrelease, MACHINE);
+}
+
+static pid_t
+hyp_getpid(void)
+{
+
+       return curproc->p_pid;
+}
+
+static int
+hyp_syscall(int num, void *arg, long *retval)
+{
+       register_t regrv[2] = {0, 0};
+       struct lwp *l;
+       struct sysent *callp;
+       int rv;
+
+       if (__predict_false(num >= SYS_NSYSENT))
+               return ENOSYS;
+
+       /* XXX: always uses native syscall vector */
+       callp = rump_sysent + num;
+       l = curlwp;
+       rv = sy_invoke(callp, l, (void *)arg, regrv, num);
+       retval[0] = regrv[0];
+       retval[1] = regrv[1];
+
+       return rv;
+}
+
+static int
+hyp_rfork(void *priv, int flags, const char *comm)
+{
+       struct vmspace *newspace;
+       struct proc *p;
+       struct lwp *l;
+       int error;
+       bool initfds;
+
+       /*
+        * If we are forking off of pid 1, initialize file descriptors.
+        */
+       l = curlwp;
+       if (l->l_proc->p_pid == 1) {
+               KASSERT(flags == RUMP_RFFD_CLEAR);
+               initfds = true;
+       } else {
+               initfds = false;
+       }
+
+       if ((error = rump_lwproc_rfork(flags)) != 0)
+               return error;
+
+       /*
+        * We forked in this routine, so cannot use curlwp (const)
+        */
+       l = rump_lwproc_curlwp();
+       p = l->l_proc;
+
+       /*
+        * Since it's a proxy proc, adjust the vmspace.
+        * Refcount will eternally be 1.
+        */
+       newspace = kmem_zalloc(sizeof(*newspace), KM_SLEEP);
+       newspace->vm_refcnt = 1;
+       newspace->vm_map.pmap = priv;
+       KASSERT(p->p_vmspace == vmspace_kernel());
+       p->p_vmspace = newspace;
+       if (comm)
+               strlcpy(p->p_comm, comm, sizeof(p->p_comm));
+       if (initfds)
+               rump_consdev_init();
+
+       return 0;
+}
+
+/*
+ * Order all lwps in a process to exit.  does *not* wait for them to drain.
+ */
+static void
+hyp_lwpexit(void)
+{
+       struct proc *p = curproc;
+       uint64_t where;
+       struct lwp *l;
+
+       mutex_enter(p->p_lock);
+       /*
+        * First pass: mark all lwps in the process with LW_RUMP_QEXIT
+        * so that they know they should exit.
+        */
+       LIST_FOREACH(l, &p->p_lwps, l_sibling) {
+               if (l == curlwp)
+                       continue;
+               l->l_flag |= LW_RUMP_QEXIT;
+       }
+       mutex_exit(p->p_lock);
+
+       /*
+        * Next, make sure everyone on all CPUs sees our status
+        * update.  This keeps threads inside cv_wait() and makes
+        * sure we don't access a stale cv pointer later when
+        * we wake up the threads.
+        */
+
+       where = xc_broadcast(0, (xcfunc_t)nullop, NULL, NULL);
+       xc_wait(where);
+
+       /*
+        * Ok, all lwps are either:
+        *  1) not in the cv code
+        *  2) sleeping on l->l_private
+        *  3) sleeping on p->p_waitcv
+        *
+        * Either way, l_private is stable until we set PS_RUMP_LWPEXIT
+        * in p->p_sflag.
+        */
+
+       mutex_enter(p->p_lock);
+       LIST_FOREACH(l, &p->p_lwps, l_sibling) {
+               if (l->l_private)
+                       cv_broadcast(l->l_private);
+       }
+       p->p_sflag |= PS_RUMP_LWPEXIT;
+       cv_broadcast(&p->p_waitcv);
+       mutex_exit(p->p_lock);
+}
+
+/*
+ * Notify process that all threads have been drained and exec is complete.
+ */
+static void
+hyp_execnotify(const char *comm)
+{
+       struct proc *p = curproc;
+
+       fd_closeexec();
+       mutex_enter(p->p_lock);
+       KASSERT(p->p_nlwps == 1 && p->p_sflag & PS_RUMP_LWPEXIT);
+       p->p_sflag &= ~PS_RUMP_LWPEXIT;
+       mutex_exit(p->p_lock);
+       strlcpy(p->p_comm, comm, sizeof(p->p_comm));
+}
+
+/*
+ * Initialize interface pointers since component is present.
+ */
+RUMP_COMPONENT(RUMP_COMPONENT_KERN)
+{
+
+       rump_sysproxy_ops.rspo_copyin           = rumpuser_sp_copyin;
+       rump_sysproxy_ops.rspo_copyinstr        = rumpuser_sp_copyinstr;
+       rump_sysproxy_ops.rspo_copyout          = rumpuser_sp_copyout;
+       rump_sysproxy_ops.rspo_copyoutstr       = rumpuser_sp_copyoutstr;
+       rump_sysproxy_ops.rspo_anonmmap         = rumpuser_sp_anonmmap;
+       rump_sysproxy_ops.rspo_raise            = rumpuser_sp_raise;
+       rump_sysproxy_ops.rspo_fini             = rumpuser_sp_fini;
+
+       rump_sysproxy_ops.rspo_hyp_getpid       = hyp_getpid;
+       rump_sysproxy_ops.rspo_hyp_syscall      = hyp_syscall;
+       rump_sysproxy_ops.rspo_hyp_rfork        = hyp_rfork;
+       rump_sysproxy_ops.rspo_hyp_lwpexit      = hyp_lwpexit;
+       rump_sysproxy_ops.rspo_hyp_execnotify   = hyp_execnotify;
+}
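Review bot: In `hyp_syscall` the bounds check `num >= SYS_NSYSENT` only rejects numbers that are too large, so a negative `num` (a signed `int`) passes and `callp = rump_sysent + num` points before the table that `sy_invoke` is then called through. This path serves remote system call requests, so the number should be treated as untrusted unless the hypercall layer validates it, which this hunk does not show. I would write `if (__predict_false(num < 0 || num >= SYS_NSYSENT))` and keep the `return ENOSYS;`. Separately, `hyp_execnotify` passes `comm` to `strlcpy` unconditionally while `hyp_rfork` guards the same copy with `if (comm)`; either add the same guard or add a comment stating that `comm` is never NULL on that path.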
diff -r 63f98c1ee438 -r 3daa6ddbaff1 sys/rump/librump/rumpkern/Makefile.rumpkern
--- a/sys/rump/librump/rumpkern/Makefile.rumpkern       Wed Jan 07 20:50:36 2015 +0000
+++ b/sys/rump/librump/rumpkern/Makefile.rumpkern       Wed Jan 07 22:24:03 2015 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.rumpkern,v 1.152 2015/01/03 17:23:51 pooka Exp $
+#      $NetBSD: Makefile.rumpkern,v 1.153 2015/01/07 22:24:04 pooka Exp $
 #
 
 .include "${RUMPTOP}/Makefile.rump"
@@ -28,7 +28,7 @@
 SRCS+= rump.c rumpcopy.c cons.c emul.c etfs_wrap.c intr.c      \
        lwproc.c klock.c kobj_rename.c ltsleep.c scheduler.c    \
        signals.c sleepq.c threads.c vm.c hyperentropy.c        \
-       accessors.c sysproxy.c
+       accessors.c
 
 SRCS+= rumpkern_syscalls.c
 
diff -r 63f98c1ee438 -r 3daa6ddbaff1 sys/rump/librump/rumpkern/rump.c
--- a/sys/rump/librump/rumpkern/rump.c  Wed Jan 07 20:50:36 2015 +0000
+++ b/sys/rump/librump/rumpkern/rump.c  Wed Jan 07 22:24:03 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: rump.c,v 1.314 2015/01/04 22:11:40 pooka Exp $ */
+/*     $NetBSD: rump.c,v 1.315 2015/01/07 22:24:04 pooka Exp $ */
 
 /*
  * Copyright (c) 2007-2011 Antti Kantee.  All Rights Reserved.
@@ -26,7 +26,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rump.c,v 1.314 2015/01/04 22:11:40 pooka Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rump.c,v 1.315 2015/01/07 22:24:04 pooka Exp $");
 
 #include <sys/systm.h>
 #define ELFSIZE ARCH_ELFSIZE
@@ -149,6 +149,21 @@
            CTL_HW, HW_PAGESIZE, CTL_EOL);
 }
 
+static pid_t rspo_wrap_getpid(void) {
+       return rump_sysproxy_hyp_getpid();
+}
+static int rspo_wrap_syscall(int num, void *arg, long *retval) {
+       return rump_sysproxy_hyp_syscall(num, arg, retval);
+}
+static int rspo_wrap_rfork(void *priv, int flag, const char *comm) {
+       return rump_sysproxy_hyp_rfork(priv, flag, comm);
+}
+static void rspo_wrap_lwpexit(void) {
+       rump_sysproxy_hyp_lwpexit();
+}
+static void rspo_wrap_execnotify(const char *comm) {
+       rump_sysproxy_hyp_execnotify(comm);


