Hi all,
I've tried to build the genode framework for the l4ka-pistachio kernel using
your 4.2.4 cross toolchain.
When building the dde-usbhid driver (test-dde_linux26_usbhid / REPOSITORIES +=
../linux_drivers), the compiler throws a linktime error:
Program test-dde_linux26_usbhid
COMPILE main.o
LINK test-dde_linux26_usbhid
./dde_linux26-arch.lib.a(dde_linux26-arch_dummies.o): In function
`add_input_randomness':
/home/…
[View More]krebserregend/genode/linux_drivers/src/lib/dde_linux26/arch/dde_kit/dummie
s.c:15: multiple definition of `add_input_randomness'
./dde_linux26-drivers.lib.a(dde_linux26-drivers_random.o):/home/krebserregend/ge
node/linux_drivers/src/linux26/drivers/char/random.c:636: first defined here
./dde_linux26-drivers.lib.a(dde_linux26-drivers_random.o): In function
`random_write':
random.c:(.text+0x11e2): undefined reference to `__mark_inode_dirty'
./dde_linux26-drivers.lib.a(dde_linux26-drivers_random.o): In function
`secure_ip_id':
random.c:(.text+0x1231): undefined reference to `half_md4_transform'
./dde_linux26-drivers.lib.a(dde_linux26-drivers_random.o): In function
`random_read':
random.c:(.text+0x1484): undefined reference to `touch_atime'
collect2: ld returned 1 exit status
make[2]: ***
[/home/krebserregend/genode/build.pistachio_x86/test/dde_linux26_usbhid/test-dde
_linux26_usbhid] Error 1
make[1]: *** [single_target] Error 2
make: *** [.] Error 2
Is there perhaps anything missing in my host OS (Ubuntu 9.04)?
Cheers
Sven
[View Less]
Thank you Norman very much answering all my questions.
>
>> 1- Is there anyway that a child can be endowed with any extra
>> capabilities to server services at creation by its parent?....
>
> At start time of a new child, the parent provides the child with
> only one capability that we call parent capability. ..... Do you see
> the need to statically preconfigure the environment of a child with a
> set of capabilities?
>
No, I don't see any need for the parent …
[View More]to be able endow a set of capabilities at creation. (I was just checking to see that I understood the new child creation process properly. Some other cap theory and projects websites I've previously looked at mention or have endowment at creation so was wondering if genode could do this as well)
>> 2- In the documentation it says that the parent of a server ...
>
> In fact, it is just a decision of the parent to keep the root
> capability. A root capability could be transferred to another protection
> domain via IPC just like any other capability. ..... Then however, RAM allocations are not anymore
> individually accountable to those processes.
>
Thanks for clearing this up for me. I did wonder a bit about the memory quota sharing implications and thought that there might be problems like you've outlined.
> Just out of curiosity, do you see a practical case for sharing a root
> capability among multiple processes?
No, I don't. (Please note though that I don't think I'm in a position to give much opinion cause I've only just started learning about genode- also I'm only a amateur/hobbyist so my opinions don't count for much sorry)
>
>> 3- The documentation mentions the use of unix file permissions. ....
>
> The use of UNIX file permissions .... In fact, we do not plan to introduce
> UNIX file permissions into the base framework of Genode.....
>
I'm very happy/relieved to here this :) (As a suggestion -although from an amateur- perhaps you should specifically mention that ACL's/unix file permissions are not intrinsic to genode nor are they planned to be. Because on first pass reading I go the impression that the file permissions might be planned although it is a cap based system-- and I was reading it from the perspective of someone familiar with cap theory and knows the difference between caps and ACLs. I feel that if someone who read this wasn't already familiar cap OSes and all they knew were traditional ACL systems then they would assume that the file permissions are indeed already present and necessarily intrinsic.)
> Right now, Genode creates the capability network dynamically at the
> system's boot time according to the policy of each involved parent. So
> there is no central ACL but the policy is distributed among all nodes
> that play a parent role. This approach neither requires persistency nor
> a statically configured ACL. .....
>
This sound very interesting!
Thanks once again for answering, but if you don't mind can I bother you with just few more last questions:
A: Two questions regarding the interfaces between parent and child-
1) How does a server to signal to the client that it will need/does need more quota. (The interface methods given in the "Interfaces and Mechanisms" document allows a client to give quota to a server, but hows does the client know when and how much it needs to give?)
2)Are the session request strings expected to follow a format and naming standard for common types of services?
B:Other questions-
1)Do you eventually intend to formally verify the software? (I believe the NICTA /OK-labs L4 kernel that genode can target is in the process of being verified and was wondering if you will likewise wish to verify genode to supply a fully mathematically verified framework for building OS personalities on).
Lastly, I re-read the "Interfaces and Mechanisms" and I think I've found another minor error- in the section "Quota" in the sentence "Once, the server requests to close the session, the child is responsible to release all resources that were used for this session.". Aren't the words "server" and "child" meant to be swaped around here?
Thanks
Ross McGinnis
_________________________________________________________________
Get the latest news, goss and sport Make ninemsn your homepage!
http://windowslive.ninemsn.com.au/article.aspx?id=813730
[View Less]
Hello,
I'm an amateur//hobbyist programmer who is very interested capability operating systems. I have just found this project and have started reading the documentation. I have some questions regarding the "Interfaces and Mechanisms" document- sorry if these have already been asked (if so just point me to where I can already find the answers).
1- Is there anyway that a child can be endowed with any extra capabilities to server services at creation by its parent? Or is it always the case that …
[View More]the child always has to be first created without any extra capabilities and only after it is created then can it gain external caps by requesting a service by way of its parent?
2- In the documentation it says that the parent of a server is given the root_capability to any services announced by the child and this cap is intended to be used and kept by the parent only.
Is this cap actually copyable and transferrable?
And does it really matter if the parent gives this cap away?
This last question may seem really dumb since it goes against the whole point of having an acylic tree of parent to children nodes to facilitate reasoning about the TCB, however, if you haven't actually stopped the parent from been able to give it away shouldn't you assume that it will give it away?
3- The documentation mentions the use of unix file permissions. Are access control lists and file permissions to be planned/implemented in the file servers within the genode project? If they are, it is there a possibility for a confused deputies to arise since the clients request services by using serive_name and arg strings instead of capabilities?
>From what I naively understand about capability based OSes is that you either have to provide a persistent state mechanism or an ACL like regime to be able to recreate the capability network at power-up after shut-down/crash-recovery. Is it possible for a system to be built using genode framework which is orthognally persistent and thus drop the use of ACL's?
Lastly, I think there is a very slight mistake in the "Interfaces and Mechanisms" document in the "Servers" section towards the very end in the sentence "The session capability, created by Child1 (4), can now be passed to Child1 as return value of nested session calls (5, 6).": shouldn't the second mention of "Child1" actually be "Parent2"?)
This looks like a very interesting project with fantasic potential! Thanks for creating it!
Thanks you
Ross McGinnis
_________________________________________________________________
Looking for a place to rent, share or buy this winter? Find your next place with Ninemsn property
http://a.ninemsn.com.au/b.aspx?URL=http%3A%2F%2Fninemsn%2Edomain%2Ecom%2Eau…
[View Less]