The added mechanisms in VSOS.

王硕 kloisiie at ...236...
Tue Sep 9 06:50:28 CEST 2014

Hello Norman,
Our team developed some apps to present BLP and Biba access-control model. All of these apps can be started in qt_launchpad.

In order to simulate a login process, they used several "Connections" (just like Monitor__Connection) to "jump" from the login windows to qt_launchpad (or reversely). Secure attention key was also implemented like this in void handle_event() in ps2_keyboard.h. (‍)
For example, in main.cpp in qt_launchpad:
int main(int argc, char *argv[])
    Timer::Connection loginwait;    
        if(loginfinished) break;
        else { loginwait.msleep(1500);

the while(true) loop will be broken if and only if the login app (in qt4/src/apps/verify) validate the username and password and change the loginfinished‍ flag to TURE. Then the login windows hides and qt_launchpad will continue executing and show the window.

The default username (the left textbox/QLineEdit in the first line of login app) and passwords (the textbox in the second line) are admin and helloos5, and the default login level (following BLP model, the right ComboBox in the first line) is 2.

The audit and access-control mechanism was implemented in /base/include/monitor_session.‍‍

 Shuo Wang, 
University of Chinese Academy of Sciences.

------------------ Original ------------------
<kloisiie at ...236...>;
 "genode-main"<genode-main at>; 
 Fw:Re: Some questions about performance optimization related toGUIframework on Genode

Hello Norman,
Here is a .iso file of the VSOS system. If you can't build and run from the source code, you can try this:

Thank you for you help.

 Shuo Wang, 
University of Chinese Academy of Sciences.


------------------  Original Mail ------------------
 "genode-main"<genode-main at>; Re: Some questions about performance optimization related toGUIframework on Genode

Hello Norman,

I'm sorry for my carelessness.

L4_UTCB_USER_ID_OFFSET is defined in



  L4_UTCB_USER_ID_OFFSET     = 62 * sizeof(l4_umword_t),

 Shuo Wang, 
University of Chinese Academy of Sciences. 

------------------ Original Mail ------------------
"norman.feske";<norman.feske at ...1...>;
 "genode-main"<genode-main at>; 
Re: Some questions about performance optimization related toGUIframework on Genode

Hello Shuo Wang,

> In Genode, it takes approximately 3 seconds for qt_launchpad to launch,
> and more than 1 seconds for other apps to launch. This is too slow, so
> my task is to reduce the launch time of qt_launchpad and apps. But I
> don't know what the reason of the low performance is. So I turn to you
> for some advice.

I cannot reproduce this observation. Please give the qt5 run script of
Genode 14.08 a try. When started on real hardware (not on Qemu!), Qt5
applications, including the qt_launchpad, open up instantly. I guess
that you performed your measurement either on Qemu, or using your
group's branch of Genode.

Speaking of this branch, I still could not get it running (see my last
email about the missing definition of L4_UTCB_USER_ID_OFFSET). However,
by quickly skimming over it, I have seen modifications that may impede
performance quite significantly. E.g., the following addition in the RPC
server code:

Not knowing the reasoning behind this code, I suspect that it goes
against the grain of Genode in several ways.

* It seems to introduce the notion of global IDs, which Genode tries
  to avoid to counter problems like "ambient authority".

* With my limited understanding of your changes, it looks like your
  group implemented a classical ACL-policy mechanism right into the
  heart of Genode. In my opinion, this approach contradicts with
  the Genode's capability-based access-control model. I would
  love to know the rationale behind this line of work and discuss
  possible alternative solutions that are coherent with Genode's

* The code path is performance-critical, yet it performs slow string
  compare operations and RPC calls.

* It mixes different levels of abstractions. 'rpc_server.h' contains
  the low-level message-dispatching mechanism whereas the notions of
  objects, sessions, and connections are introduced on top of that.
  By creating a "Monitor_connection" object within the low-level code
  path, the low-level code becomes reliant on higher-level
  abstractions that are built on top of the low-level code. Such
  circular dependencies are not good.

* It is specific to one particular kernel.

Given the huge amout of changes in your branch, there might be a good
chance that other performance-critical parts were changed for the worse,
too. To see whether the performance problems are actually on Genode's
account or stemming from the changes of your group, please check that
the problems can be reproduced on the unmodified version of Genode.

Best regards

Dr.-Ing. Norman Feske
Genode Labs ·

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

Slashdot TV.  
Video for Nerds.  Stuff that matters.
genode-main mailing list
genode-main at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list