Re: Unprivileged Subhurds

2014-11-13 Thread Richard Braun
On Wed, Nov 12, 2014 at 04:49:07PM +0100, Justus Winter wrote:
> Overall it's looking good, time to get the discussion going.

What privilege is required to request these notifications ?

-- 
Richard Braun



Re: Unprivileged Subhurds

2014-11-13 Thread Justus Winter
Quoting Richard Braun (2014-11-13 11:30:20)
> On Wed, Nov 12, 2014 at 04:49:07PM +0100, Justus Winter wrote:
> > Overall it's looking good, time to get the discussion going.
> 
> What privilege is required to request these notifications ?

Possession of the privileged host control port, and it is only
possible to register for these notifications once.

Justus



Re: Unprivileged Subhurds

2014-11-13 Thread Richard Braun
On Thu, Nov 13, 2014 at 12:09:03PM +0100, Justus Winter wrote:
> Possession of the privileged host control port, and it is only
> possible to register for these notifications once.

How does this recurse in the subhurd ?

-- 
Richard Braun



Re: Unprivileged Subhurds

2014-11-13 Thread Justus Winter
Quoting Richard Braun (2014-11-13 12:25:14)
> On Thu, Nov 13, 2014 at 12:09:03PM +0100, Justus Winter wrote:
> > Possession of the privileged host control port, and it is only
> > possible to register for these notifications once.
> 
> How does this recurse in the subhurd ?

Well, the proc server registers for these notifications.  I'll add
this RPC to the process protocol:

/* Create a new task namespace.  PROCESS claims the responsibility to
   manage all tasks in this namespace.  Any task created in this
   namespace will automatically be declared a child of PROCESS, and a
   `mach_notify_new_task' message is sent to NOTIFY.  If PROCESS dies,
   the proc server will terminate all tasks in the namespace.  */
routine proc_make_task_namespace (
        process: process_t;
        notify: mach_port_send_t);

`boot' will use this call to create a task namespace, and from that
point on the proc server will relay the notifications for all tasks in
that namespace to `boot', which will keep a list of these task ports
so that it can implement `S_processor_set_tasks'.

Justus
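
Added example, not part of the original message and not code from the Hurd: a toy model in plain C of the semantics described above (membership inherited on task creation, new tasks declared children of the namespace root, notifications relayed, everything terminated when the root dies). All function and field names are hypothetical, and refusing nested namespaces is an assumption of the model.

```c
/* Toy model of the message above; not Hurd code, all names hypothetical.  */
#include <stdbool.h>
#define MAX_TASKS 16
#define NO_NS (-1)
struct task { int parent; int ns; bool alive; };
static struct task tasks[MAX_TASKS];
static int ntasks;
static int relayed_count[MAX_TASKS];  /* notifications relayed, per root */

/* Task creation plus its new-task notification; CREATOR < 0 = first task.  */
static int task_create_model (int creator)
{
  int t = ntasks++;
  tasks[t] = (struct task) { creator, NO_NS, true };
  if (creator >= 0 && tasks[creator].ns != NO_NS)
    {
      tasks[t].ns = tasks[creator].ns;      /* membership is inherited */
      tasks[t].parent = tasks[creator].ns;  /* declared a child of the root */
      relayed_count[tasks[t].ns]++;         /* relayed to NOTIFY */
    }
  return t;
}

/* PROCESS becomes the root; refusing nesting is this model's assumption.  */
static int make_task_namespace_model (int process)
{
  if (tasks[process].ns != NO_NS)
    return -1;
  tasks[process].ns = process;
  return 0;
}

/* Task death: when the root dies, every member is terminated.  */
static void task_exit_model (int t)
{
  tasks[t].alive = false;
  for (int i = 0; tasks[t].ns == t && i < ntasks; i++)
    if (tasks[i].ns == t)
      tasks[i].alive = false;
}

/* Live members: what the root could report as its task list.  */
static int namespace_live_count (int root)
{
  int n = 0;
  for (int i = 0; i < ntasks; i++)
    n += tasks[i].alive && tasks[i].ns == root;
  return n;
}
```

In the model a task cannot leave the namespace by creating further tasks, and tasks outside it are untouched when the root exits.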



[PATCH hurd 1/5] Makeconf: handle the task_notify protocol

2014-11-13 Thread Justus Winter
* Makeconf (mach_defs_names): Add `task_notify'.
---
 Makeconf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makeconf b/Makeconf
index f0d3fe3..5439913 100644
--- a/Makeconf
+++ b/Makeconf
@@ -577,6 +577,7 @@ mach_defs_names = bootstrap exc mach mach4 \
mach_host mach_port mach_timer_reply memory_object \
memory_object_default notify \
gnumach \
+   task_notify \
 
 mach_debug_defs_names = mach_debug
 device_defs_names = dev_forward device device_reply device_request
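
Review bot: the new last entry `task_notify \` keeps the trailing continuation backslash, so `mach_defs_names` depends on the empty line that follows to end the assignment, as `gnumach \` did before. Nothing breaks as posted, but dropping the backslash on the final entry would stop a later edit that removes the blank line from pulling `mach_debug_defs_names = mach_debug` into this list.
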
-- 
2.1.1




[PATCH hurd 3/5] proc: implement `proc_make_task_namespace'

2014-11-13 Thread Justus Winter
* proc/proc.h (struct proc): Add field `p_task_namespace'.
* proc/mgt.c (S_proc_child): Propagate `p_task_namespace' to child.
(allocate_proc): Initialize `p_task_namespace'.
(namespace_terminate): New function.
(process_has_exited): Reparent children of dead tasks in the namespace
to the root process.  Terminate all tasks if the root process dies.
Reap dead tasks.
(S_mach_notify_new_task): For newly created tasks whose parent is in a
namespace, call S_proc_child and forward the `mach_notify_new_task'
message.
(S_proc_make_task_namespace): New function.
---
 proc/mgt.c  | 112 +++-
 proc/proc.h |   4 +++
 2 files changed, 107 insertions(+), 9 deletions(-)

diff --git a/proc/mgt.c b/proc/mgt.c
index 32408ae..bf400ba 100644
--- a/proc/mgt.c
+++ b/proc/mgt.c
@@ -220,6 +220,13 @@ S_proc_child (struct proc *parentp,
   childp->end_code = parentp->end_code;
 }
 
+  if (MACH_PORT_VALID (parentp->p_task_namespace))
+{
+  mach_port_mod_refs (mach_task_self (), parentp->p_task_namespace,
+ MACH_PORT_RIGHT_SEND, +1);
+  childp->p_task_namespace = parentp->p_task_namespace;
+}
+
   return 0;
 }
 
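
Review bot: the return value of `mach_port_mod_refs` in the new `S_proc_child` block is ignored, yet `childp->p_task_namespace` is assigned unconditionally. If taking the extra send-right reference fails, the child records a name it holds no reference for, and the `mach_port_deallocate` added to `process_has_exited` later in this patch would then release a reference that belongs to another proc. Check the result and set the field only on success. It is also worth stating what happens when `childp` already carries a namespace, since the old value would be overwritten without being released.
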
@@ -577,6 +584,7 @@ allocate_proc (task_t task)
 
   memset (&p->p_pi + 1, 0, sizeof *p - sizeof p->p_pi);
   p->p_task = task;
+  p->p_task_namespace = MACH_PORT_NULL;
   p->p_msgport = MACH_PORT_NULL;
 
   pthread_cond_init (&p->p_wakeup, NULL);
@@ -721,6 +729,16 @@ new_proc (task_t task)
   return p;
 }
 
+/* Used with prociterate to terminate all tasks in a task
+   namespace.  */
+static void
+namespace_terminate (struct proc *p, void *cookie)
+{
+  mach_port_t *namespacep = cookie;
+  if (p->p_task_namespace == *namespacep)
+task_terminate (p->p_task);
+}
+
 /* The task associated with process P has died.  Drop most state,
and then record us as dead.  Our parent will eventually complete the
deallocation. */
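
Review bot: `namespace_terminate` matches every proc whose `p_task_namespace` equals the cookie, which includes the dying creator itself (its field is still set when `process_has_exited` calls `prociterate`) and any member that is already dead. `task_terminate` is called on those too and its result is discarded. Skipping `p->p_dead` entries and the creator, and at least logging a failed `task_terminate`, would make it visible when a task survives the teardown of its namespace.
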
@@ -751,13 +769,39 @@ process_has_exited (struct proc *p)
 
   ids_rele (p->p_id);
 
-  /* Reparent our children to init by attaching the head and tail
- of our list onto init's.  */
+  /* Reparent our children to init by attaching the head and tail of
+ our list onto init's.  If the process is part of a task
+ namespace, reparent to the process that created the namespace
+ instead.  */
   if (p->p_ochild)
 {
+  struct proc *reparent_to = init_proc;
   struct proc *tp; /* will point to the last one.  */
   int isdead = 0;
 
+  if (MACH_PORT_VALID (p->p_task_namespace))
+   {
+ for (tp = p;
+  MACH_PORT_VALID (tp->p_parent->p_task_namespace);
+  tp = tp->p_parent)
+   {
+ /* Walk up the process hierarchy until we find the
+creator of the task namespace.  */
+   }
+
+ if (p == tp)
+   {
+ /* The creator of the task namespace died.  Terminate
+all tasks.  */
+ prociterate (namespace_terminate, &p->p_task_namespace);
+
+ mach_port_deallocate (mach_task_self (), p->p_task_namespace);
+ p->p_task_namespace = MACH_PORT_NULL;
+   }
+ else
+   reparent_to = tp;
+   }
+
   /* first tell them their parent is changing */
   for (tp = p->p_ochild; tp->p_sib; tp = tp->p_sib)
{
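
Review bot: the walk `for (tp = p; MACH_PORT_VALID (tp->p_parent->p_task_namespace); tp = tp->p_parent)` only tests that the parent has some namespace, not that it is the same one as `p->p_task_namespace`. If the creator of a namespace is itself a member of an outer namespace, the loop runs past it to the outermost creator, so `p == tp` is false for the inner creator and its namespace is never terminated. Compare against `p->p_task_namespace`, or document and enforce that namespaces cannot nest. The loop also dereferences `tp->p_parent` without a check, so it relies on every namespace creator having a parent.
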
@@ -765,7 +809,7 @@ process_has_exited (struct proc *p)
nowait_msg_proc_newids (tp->p_msgport, tp->p_task,
1, tp->p_pgrp->pg_pgid,
!tp->p_pgrp->pg_orphcnt);
- tp->p_parent = init_proc;
+ tp->p_parent = reparent_to;
  if (tp->p_dead)
isdead = 1;
}
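
Review bot: in this loop `tp->p_parent` now becomes `reparent_to`, but the unchanged call `nowait_msg_proc_newids (tp->p_msgport, tp->p_task, 1, ...)` in the context lines still passes the literal `1`, which reads as init's pid for the new parent. A child reparented to the namespace creator would be told its parent is pid 1 while the proc server records a different one. Pass the pid of `reparent_to` instead; the same applies to the call for the last child in the next hunk.
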
@@ -773,17 +817,17 @@ process_has_exited (struct proc *p)
nowait_msg_proc_newids (tp->p_msgport, tp->p_task,
1, tp->p_pgrp->pg_pgid,
!tp->p_pgrp->pg_orphcnt);
-  tp->p_parent = init_proc;
+  tp->p_parent = reparent_to;
 
   /* And now append the lists. */
-  tp->p_sib = init_proc->p_ochild;
+  tp->p_sib = reparent_to->p_ochild;
   if (tp->p_sib)
tp->p_sib->p_prevsib = &tp->p_sib;
-  init_proc->p_ochild = p->p_ochild;
-  p->p_ochild->p_prevsib = &init_proc->p_ochild;
+  reparent_to->p_ochild = p->p_ochild;
+  p->p_ochild->p_prevsib = &reparent_to->p_ochild;
 
   if (isdead)
-   alert_parent (init_proc);
+   alert_parent (reparent_to);
 }
 
   /* If an operation is in progress for this process, cause it
@@ -795,6 +839,23 @@ process_has_exited (struct proc *p)
 
   /* Cancel any outstanding RPCs done on behalf of the dying process.  */
   ports_interrupt_rpcs (p);
+
+  /* No one is going to wait for processes in a task namespace.  */
+  if (MACH_PORT_VALID (p->p_task_namespace))
+{
+  mach_port_t task;
+  mach_port_deallocate (mach_task_self (), p->p_task_namespace);
+  p->p_waited = 1;
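
Review bot: the block added at the end of `process_has_exited` calls `mach_port_deallocate` on `p->p_task_namespace` but, in the lines visible here, never resets the field, whereas the creator path earlier in the function sets it to `MACH_PORT_NULL` right after releasing it. A stale name left in a dead proc would still match in `namespace_terminate`. The hunk is cut off in this archive after `p->p_waited = 1;`, so this needs checking against the full patch, along with what the declared `mach_port_t task` is used for.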

[PATCH hurd 4/5] hurd: add `proc_make_task_namespace'

2014-11-13 Thread Justus Winter
Add a new RPC to the process protocol to create task namespaces.
These can be used by an unprivileged process to claim the
responsibility to manage all tasks in this namespace.  Any task
created in this namespace will automatically be declared a child of
the root process, and a `mach_notify_new_task' message is sent to a
given port.  If the root process dies, the proc server will terminate
all tasks in the namespace.

* hurd/process.defs (proc_make_task_namespace): New RPC.
---
 hurd/process.defs | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/hurd/process.defs b/hurd/process.defs
index 498faba..4ceb69e 100644
--- a/hurd/process.defs
+++ b/hurd/process.defs
@@ -1,5 +1,5 @@
 /* Definitions for process server interface
-   Copyright (C) 1992,93,94,95,96,97,2001,2013 Free Software Foundation
+   Copyright (C) 1992,93,94,95,96,97,2001,13,14 Free Software Foundation
 
 This file is part of the GNU Hurd.
 
@@ -404,3 +404,12 @@ routine proc_get_code (
process: process_t;
out start_code: vm_address_t;
out end_code: vm_address_t);
+
+/* Create a new task namespace.  PROCESS claims the responsibility to
+   manage all tasks in this namespace.  Any task created in this
+   namespace will automatically be declared a child of PROCESS, and a
+   `mach_notify_new_task' message is sent to NOTIFY.  If PROCESS dies,
+   the proc server will terminate all tasks in the namespace.  */
+routine proc_make_task_namespace (
+   process: process_t;
+   notify: mach_port_send_t);
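
Review bot: the comment on `proc_make_task_namespace` does not say who may call it or how it fails. It should state whether any process may create a namespace, what is returned when PROCESS is already inside one, whether NOTIFY may be `MACH_PORT_NULL`, and who owns the NOTIFY send right afterwards. This RPC is what makes the kernel's new-task notifications reachable without the privileged host port, so the interface file is the place to pin those rules down.
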
-- 
2.1.1




[PATCH hurd 2/5] proc: register for new task notifications

2014-11-13 Thread Justus Winter
* proc/Makefile (MIGSTUBS): Add `gnumachServer.o'.
* proc/main.c (message_demuxer): Handle the `task_notify' protocol.
(main): Register for new task notifications.
* proc/mgt.c (S_mach_notify_new_task): Add server function.
---
 proc/Makefile |  4 +++-
 proc/main.c   | 11 ++-
 proc/mgt.c| 35 ++-
 3 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/proc/Makefile b/proc/Makefile
index aa31ffb..2275a66 100644
--- a/proc/Makefile
+++ b/proc/Makefile
@@ -27,9 +27,11 @@ SRCS = wait.c hash.c host.c info.c main.c mgt.c  
notify.c pgrp.c msg.c \
 MIGSFLAGS = -imacros $(srcdir)/mig-mutate.h
 
 MIGSTUBS = processServer.o notifyServer.o \
-   ourmsgUser.o proc_excUser.o proc_excServer.o
+   ourmsgUser.o proc_excUser.o proc_excServer.o \
+   task_notifyServer.o
 OBJS = $(SRCS:.c=.o) $(MIGSTUBS)
 HURDLIBS = ihash ports shouldbeinlibc
+
 OTHERLIBS = -lpthread
 
 include ../Makeconf
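
Review bot: the `MIGSTUBS` change adds `task_notifyServer.o`, while the commit message says `gnumachServer.o`; one of the two is wrong. `proc/main.c` in this same patch includes `gnumach_U.h` and calls `register_new_task_notification`, but the matching `gnumachUser.o` stub only arrives in patch 5/5, so this commit does not look buildable on its own and would break bisection. Add the user stub here. The blank line inserted after `HURDLIBS` is unrelated and can be dropped.
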
diff --git a/proc/main.c b/proc/main.c
index 3419d44..b4288fb 100644
--- a/proc/main.c
+++ b/proc/main.c
@@ -31,6 +31,7 @@ the Free Software Foundation, 675 Mass Ave, Cambridge, MA 
02139, USA.  */
 #include 
 
 #include "proc.h"
+#include "gnumach_U.h"
 
 const char *argp_program_version = STANDARD_HURD_VERSION (proc);
 
@@ -38,6 +39,7 @@ const char *argp_program_version = STANDARD_HURD_VERSION 
(proc);
 #include "notify_S.h"
 #include "../libports/interrupt_S.h"
 #include "proc_exc_S.h"
+#include "task_notify_S.h"
 
 int
 message_demuxer (mach_msg_header_t *inp,
@@ -47,7 +49,8 @@ message_demuxer (mach_msg_header_t *inp,
   if ((routine = process_server_routine (inp)) ||
   (routine = notify_server_routine (inp)) ||
   (routine = ports_interrupt_server_routine (inp)) ||
-  (routine = proc_exc_server_routine (inp)))
+  (routine = proc_exc_server_routine (inp)) ||
+  (routine = task_notify_server_routine (inp)))
 {
   pthread_mutex_lock (&global_lock);
   (*routine) (inp, outp);
@@ -152,6 +155,12 @@ main (int argc, char **argv, char **envp)
   if (err)
 error (0, err, "Increasing priority failed");
 
+  err = register_new_task_notification (_hurd_host_priv,
+   generic_port,
+   MACH_MSG_TYPE_MAKE_SEND);
+  if (err)
+error (0, err, "Registering task notifications failed");
+
   {
 /* Get our stderr set up to print on the console, in case we have
to panic or something.  */
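
Review bot: a failed `register_new_task_notification` in `main` is only reported with `error (0, err, ...)` and the server carries on. Per the discussion, registration needs the privileged host control port and is possible only once, so a proc server started inside a subhurd will take this path on every boot. Decide whether that is expected (then say so in a comment and consider not reporting it as an error) or fatal, and note that `S_mach_notify_new_task` stays reachable through `message_demuxer` even when registration failed.
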
diff --git a/proc/mgt.c b/proc/mgt.c
index 02d69db..32408ae 100644
--- a/proc/mgt.c
+++ b/proc/mgt.c
@@ -1,5 +1,5 @@
 /* Process management
-   Copyright (C) 1992,93,94,95,96,99,2000,01,02,13
+   Copyright (C) 1992,93,94,95,96,99,2000,01,02,13,14
  Free Software Foundation, Inc.
 
 This file is part of the GNU Hurd.
@@ -981,3 +981,36 @@ S_proc_get_code (struct proc *callerp,
 
   return 0;
 }
+
+/* Handle new task notifications from the kernel.  */
+error_t
+S_mach_notify_new_task (mach_port_t notify,
+   mach_port_t task,
+   mach_port_t parent)
+{
+  struct proc *parentp, *childp;
+
+  if (notify != generic_port)
+return EOPNOTSUPP;
+
+  parentp = task_find_nocreate (parent);
+  if (! parentp)
+{
+  mach_port_deallocate (mach_task_self (), task);
+  mach_port_deallocate (mach_task_self (), parent);
+  return ESRCH;
+}
+
+  childp = task_find_nocreate (task);
+  if (! childp)
+{
+  mach_port_mod_refs (mach_task_self (), task, MACH_PORT_RIGHT_SEND, +1);
+  childp = new_proc (task);
+}
+
+  /* XXX do something interesting */
+
+  mach_port_deallocate (mach_task_self (), task);
+  mach_port_deallocate (mach_task_self (), parent);
+  return 0;
+}
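
Review bot: the two error paths in `S_mach_notify_new_task` disagree on who releases the `task` and `parent` rights: the `notify != generic_port` check returns `EOPNOTSUPP` without touching them, while the `! parentp` path deallocates both and then returns `ESRCH`. If the server loop destroys the rights in a request when the routine returns an error, as `mach_msg_server` does, the second path releases them twice; pick one ownership rule and apply it to both paths. Also, `parentp` and `childp` are not used after lookup (the body is still `XXX do something interesting`), and the result of `mach_port_mod_refs` is not checked before `new_proc (task)` stores the name.
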
-- 
2.1.1




[PATCH hurd 5/5] proc: fix build

2014-11-13 Thread Justus Winter
---
 proc/Makefile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/proc/Makefile b/proc/Makefile
index 2275a66..7cc4af5 100644
--- a/proc/Makefile
+++ b/proc/Makefile
@@ -32,6 +32,9 @@ MIGSTUBS = processServer.o notifyServer.o \
 OBJS = $(SRCS:.c=.o) $(MIGSTUBS)
 HURDLIBS = ihash ports shouldbeinlibc
 
+# XXX: fix build
+MIGSTUBS += gnumachUser.o task_notifyUser.o
+
 OTHERLIBS = -lpthread
 
 include ../Makeconf
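
Review bot: `MIGSTUBS += gnumachUser.o task_notifyUser.o` sits under an `# XXX: fix build` comment with an empty commit message, and repairs dependencies that earlier patches in the series introduce. Fold `gnumachUser.o` into the `MIGSTUBS` assignment in patch 2/5, which adds the `gnumach_U.h` include, and `task_notifyUser.o` into the patch that first forwards `mach_notify_new_task` (3/5 by its changelog), so that every commit builds on its own.
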
-- 
2.1.1




Re: Unprivileged Subhurds

2014-11-13 Thread Richard Braun
On Thu, Nov 13, 2014 at 12:44:12PM +0100, Justus Winter wrote:
> Well, the proc server registers for these notifications.  I'll add
> this RPC to the process protocol:

This looks good to me. I like that it relies on the kernel for
security, but that it's also minimalist.

-- 
Richard Braun



Re: FOSDEM talk?

2014-11-13 Thread Román
Hello Samuel and thanks for all your work around HURD.

I would like a hurd talk about how to contribute. For example, how to fix a 
simple bug, create a patch... I mean the steps the developers do when they need 
to fix a bug. Or how to prepare an environment to test and fix bugs. How 
developers work. Something like Kroah-Hartman's talk about creating your first 
Linux kernel module.

People already have the opportunity to watch your nice talks about hurd so 
you can prepare something more technical.

Anyway thank you so much for your talks and your work.

Cheers.

On 13 November 2014 02:11:49 CET, Samuel Thibault wrote:
>Hello,
>
>As usual for a few years now, there will be a microkernel room at
>FOSDEM, I'll be happy to make a hurd talk there, but what could I talk
>about?
>
>Samuel

-- 
Sent from my phone with K-9 Mail.