r324250 | 04-Oct-2017 | ed
MFC r321514, r322885, r323015, r323177
This brings the CloudABI code more or less in sync with HEAD.
r321514: Upgrade to the latest sources generated from the CloudABI specification.
The CloudABI specification has had some minor changes over the last half year. No substantial features have been added, but some features that are deemed unnecessary in retrospect have been removed:
- mlock()/munlock():
These calls tend to be used for two different purposes: real-time support and handling of sensitive (cryptographic) material that shouldn't end up in swap. The former use case is out of scope for CloudABI. The latter may also be handled by encrypting swap.
Removing this has the advantage that we no longer need to worry about having resource limits put in place.
- SOCK_SEQPACKET:
Support for SOCK_SEQPACKET is rather inconsistent across various operating systems. Some operating systems supported by CloudABI (e.g., macOS) don't support it at all. Considering that they are rarely used, remove support for the time being.
- getsockname(), getpeername(), etc.:
A shortcoming of the sockets API is that it doesn't allow you to create socket(pair)s, having fake socket addresses associated with them. This makes it harder to test applications or transparently forward (proxy) connections to them.
With CloudABI, we're slowly moving networking connectivity into a separate daemon called Flower. In addition to passing around socket file descriptors, this daemon provides address information in the form of arbitrary string labels. There is thus no longer any need for requesting socket address information from the kernel itself.
This change also updates consumers of the generated code accordingly. Even though system calls end up getting renumbered, this won't cause any problems in practice. CloudABI programs always call into the kernel through a kernel-supplied vDSO that has the numbers updated as well.
Obtained from: https://github.com/NuxiNL/cloudabi
r322885: Sync CloudABI compatibility against the latest upstream version (v0.13).
With Flower (CloudABI's network connection daemon) becoming more complete, there is no longer any need for creating any unconnected sockets. Socket pairs in combination with file descriptor passing is all that is necessary, as that is what is used by Flower to pass network connections from the public internet to listening processes.
Remove all of the kernel bits that were used to implement socket(), listen(), bindat() and connectat(). In principle, accept() and SO_ACCEPTCONN may also be removed, but there are still some consumers left.
Obtained from: https://github.com/NuxiNL/cloudabi
r323015: Complete the CloudABI networking refactoring.
Now that all of the packaged software has been adjusted to either use Flower (https://github.com/NuxiNL/flower) for making incoming/outgoing network connections or can have connections injected, there is no longer any need to keep accept() around. It is now a lot easier to write networked services that are address family independent, dual-stack, testable, etc.
Remove all of the bits related to accept(), but also to getsockopt(SO_ACCEPTCONN).
r323177: Merge pipes and socket pairs.
Now that CloudABI's sockets API has been changed to be addressless and only connected socket instances are used (e.g., socket pairs), they have become fairly similar to pipes. The only differences on CloudABI are that socket pairs additionally support shutdown(), send() and recv().
To simplify the ABI, we've therefore decided to remove pipes as a separate file descriptor type and just let pipe() return a socket pair of type SOCK_STREAM. S_ISFIFO() and S_ISSOCK() are now defined identically.

r316574 | 06-Apr-2017 | ed
Bring kernel space CloudABI code in sync with HEAD.
MFC r312353, r312354 and r312355:
Sync in the latest CloudABI generated source files.
Languages like C++17 and Go provide direct support for slice types: pointer/length pairs. The CloudABI generator now has more complete support for this, meaning that for the C binding, pointer/length pairs now use an automatic naming scheme of ${name} and ${name}_len.
Apart from this change and some reformatting, the ABI definitions are identical. Binary compatibility is preserved entirely.
MFC r315700:
Make file descriptor passing work for CloudABI's sendmsg().
Reduce the potential amount of code duplication between cloudabi32 and cloudabi64 by creating a cloudabi_sock_recv() utility function. The cloudabi32 and cloudabi64 modules will then only contain code to convert the iovecs to the native pointer size.
In cloudabi_sock_recv(), we can now construct an SCM_RIGHTS cmsghdr in an mbuf and pass that on to kern_sendit().
MFC r315736:
Make file descriptor passing for CloudABI's recvmsg() work.
Similar to the change for sendmsg(), create a pointer size independent implementation of recvmsg() and let cloudabi32 and cloudabi64 call into it. In case userspace requests one or more file descriptors, call kern_recvit() in such a way that we get the control message headers in an mbuf. Iterate over all of the headers and copy the file descriptors to userspace.
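The descriptor passing that the two MFCs above implement for CloudABI's sendmsg() and recvmsg(), shown from the userspace side as an added example (not FreeBSD or CloudABI code): one descriptor is wrapped in an SCM_RIGHTS control message and sent over a socket pair, and the receiver walks the control headers to pick it up, which is the same shape as handing a connection from Flower to a listening process. The names send_fd, recv_fd, fd_pass_roundtrip and fd_ctl are this example's own.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Control buffer sized for exactly one SCM_RIGHTS message carrying one fd. */
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Send fd over a connected AF_UNIX socket; SCM_RIGHTS needs at least one data byte. */
int send_fd(int sock, int fd)
{
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_ctl ctl = { .buf = { 0 } };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = &ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *cm = CMSG_FIRSTHDR(&m);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;   /* 0 on success, -1 on error */
}

/* Receive a descriptor sent by send_fd(), walking every control header as the
 * kernel-side recvmsg() code described above does. Returns the local fd or -1. */
int recv_fd(int sock)
{
    char byte;
    int fd = -1;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union fd_ctl ctl = { .buf = { 0 } };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = &ctl, .msg_controllen = sizeof(ctl) };
    if (recvmsg(sock, &m, 0) != 1)
        return -1;
    for (struct cmsghdr *cm = CMSG_FIRSTHDR(&m); cm != NULL; cm = CMSG_NXTHDR(&m, cm))
        if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
            memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Round trip: pass a pipe's write end across a socket pair, then write through
 * the received copy. Returns 1 if the bytes arrive at the pipe's read end. */
int fd_pass_roundtrip(void)
{
    int sv[2], pfd[2], got = -1, ok = 0;
    char buf[2] = { 0, 0 };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0 || pipe(pfd) != 0) return 0;
    if (send_fd(sv[0], pfd[1]) == 0 && (got = recv_fd(sv[1])) >= 0)
        ok = write(got, "ok", 2) == 2 && read(pfd[0], buf, 2) == 2 && memcmp(buf, "ok", 2) == 0;
    if (got >= 0) close(got);
    close(sv[0]); close(sv[1]); close(pfd[0]); close(pfd[1]);
    return ok;
}
```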

r314334 | 27-Feb-2017 | kib
MFC kern_mmap(9) and related helpers.
MFC r302514 (by rwatson): Audit file-descriptor arguments to I/O system calls such as read(2), write(2), dup(2), and mmap(2).
MFC r302524 (by rwatson): When mmap(2) is used with a vnode, capture vnode attributes in the audit trail.
MFC r313352 (by trasz): Add kern_vm_mmap2(), kern_vm_mprotect(), kern_vm_msync(), kern_vm_munlock(), kern_vm_munmap(), and kern_vm_madvise().
MFC r313655: Change type of the prot parameter for kern_vm_mmap() from vm_prot_t to int.
MFC r313696: Rework r313352.

r297247 | 24-Mar-2016 | ed
Replace the CloudABI system call table by a machine generated version.
The type definitions and constants that were used by COMPAT_CLOUDABI64 are a literal copy of some headers stored inside of CloudABI's C library, cloudlibc. What is annoying is that we can't make use of cloudlibc's system call list, as the format is completely different and doesn't provide enough information. It had to be synced in manually.
We recently decided to solve this (and some other problems) by moving the ABI definitions into a separate file:
https://github.com/NuxiNL/cloudabi/blob/master/cloudabi.txt
This file is processed by a pile of Python scripts to generate the header files like before, documentation (markdown), but in our case more importantly: a FreeBSD system call table.
This change discards the old files in sys/contrib/cloudabi and replaces them by the latest copies, which requires some minor changes here and there. Because cloudabi.txt also enforces consistent names of the system call arguments, we have to patch up a small number of system call implementations to use the new argument names.
The new header files can also be included directly in FreeBSD kernel space without needing any includes/defines, so we can now remove cloudabi_syscalldefs.h and cloudabi64_syscalldefs.h. Patch up the sources to include the definitions directly from sys/contrib/cloudabi instead.

r295917 | 23-Feb-2016 | ed
Make handling of mmap()'s prot argument more strict.
- Make the system call fail if prot contains bits other than read, write and exec.
- Similar to OpenBSD's W^X, don't allow write and exec to be set at the same time. I'd like to see for now what happens if we enforce this policy unconditionally. If it turns out that this is far too strict, we'll loosen this requirement.
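The prot policy this commit describes, as an added userspace example (not FreeBSD's kernel code): bits outside read/write/exec are rejected and a simultaneous write+exec request is refused, and a hypothetical wx_mmap() wrapper applies the check before calling the host mmap(). The wx_* names, the errno values EINVAL and ENOTSUP, and the /dev/zero self-check are this example's own choices.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

/* Validate an mmap() prot argument as the commit above describes: only
 * PROT_READ, PROT_WRITE and PROT_EXEC may be set, and write and exec may not
 * be combined (W^X). Returns 0 if acceptable, else the errno to report. */
int wx_check_prot(int prot)
{
    const int allowed = PROT_READ | PROT_WRITE | PROT_EXEC;
    if ((prot & ~allowed) != 0)
        return EINVAL;      /* bits outside read/write/exec */
    if ((prot & (PROT_WRITE | PROT_EXEC)) == (PROT_WRITE | PROT_EXEC))
        return ENOTSUP;     /* writable and executable at the same time */
    return 0;
}

/* Hypothetical userspace wrapper: apply the policy before the host mmap(),
 * so an RWX mapping is refused even on a kernel that would allow it. */
void *wx_mmap(void *addr, size_t len, int prot, int flags, int fd, off_t off)
{
    int error = wx_check_prot(prot);
    if (error != 0) {
        errno = error;
        return MAP_FAILED;
    }
    return mmap(addr, len, prot, flags, fd, off);
}

/* Self-check: a read/write private mapping of /dev/zero succeeds, while the
 * same mapping with PROT_EXEC added is refused with ENOTSUP. Returns 1 if
 * both observations hold. */
int wx_demo(void)
{
    int fd = open("/dev/zero", O_RDONLY), ok = 0;
    if (fd < 0)
        return 0;
    void *rw = wx_mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
    void *rwx = wx_mmap(NULL, 4096, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, fd, 0);
    ok = rw != MAP_FAILED && rwx == MAP_FAILED && errno == ENOTSUP;
    if (rw != MAP_FAILED)
        munmap(rw, 4096);
    close(fd);
    return ok;
}
```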

r285307 | 09-Jul-2015 | ed
Import the CloudABI datatypes and create a system call table.
CloudABI is a pure capability-based runtime environment for UNIX. It works similar to Capsicum, except that processes already run in capabilities mode on startup. All functionality that conflicts with this model has been omitted, making it a compact binary interface that can be supported by other operating systems without too much effort.
CloudABI is 'secure by default'; the idea is that it should be safe to run arbitrary third-party binaries without requiring any explicit hardware virtualization (Bhyve) or namespace virtualization (Jails). The rights of an application are purely determined by the set of file descriptors that you grant it on startup.
The datatypes and constants used by CloudABI's C library (cloudlibc) are defined in separate files called syscalldefs_mi.h (pointer size independent) and syscalldefs_md.h (pointer size dependent). We import these files in sys/contrib/cloudabi and wrap around them in cloudabi*_syscalldefs.h.
We then add stubs for all of the system calls in sys/compat/cloudabi or sys/compat/cloudabi64, depending on whether the system call depends on the pointer size. We only have nine system calls that depend on the pointer size. If we ever want to support 32-bit binaries, we can simply add sys/compat/cloudabi32 and implement these nine system calls again.
The next step is to send in code reviews for the individual system call implementations, but also add a sysentvec, to allow CloudABI executables to be started through execve().
More information about CloudABI:
- GitHub: https://github.com/NuxiNL/cloudlibc
- Talk at BSDCan: https://www.youtube.com/watch?v=SVdF84x1EdA

Differential Revision: https://reviews.freebsd.org/D2848
Reviewed by: emaste, brooks
Obtained from: https://github.com/NuxiNL/freebsd