Last active
September 20, 2016 18:23
-
-
Save himanshugoel2797/169eb44cb95aca965ae4d709054b09c1 to your computer and use it in GitHub Desktop.
Notes on Cardinal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Terminal I/O streams are also just files, however, stdout needs to be line buffered, this is done automatically by musl, | |
however musl detects terminals using an ioctl, Cardinal doesn't have ioctls and uses normal files for them, so the ioctl | |
needs to be emulated. The ioctl related information will be channeled through a character device, but how would this device | |
be found? For something to be associated to a terminal, after a fork, the terminal would have to setup some properties, thus | |
one option would be to have the terminal itself open a file descriptor to the terminal interface. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cardinal Current Design: | |
====Kernel Responsibilities==== | |
Following microkernel design principles, the kernel has few responsibilities, the kernel | |
handles thread switching, maintains a list of processes, provides IPC, performs | |
allocation of virtual and physical memory and handles forking, interrupts and faults. | |
====Privilege System==== | |
Privilege Levels : Syscalls limited by privilege level | |
Ring 0: Kernel-level syscalls | |
Ring 1: Admin-level syscalls | |
Ring 2: User-level syscalls | |
Ring 0: | |
Raw kernel services | |
Ring 1: | |
Services based on Ring 0, System encryption etc | |
Ring 2: | |
All user services | |
A program in a lower ring is allowed to promote a program in a higher ring to its own ring. | |
A program that has raised its ring may no longer move itself to a lower ring. | |
Raw kernel services are loaded by the kernel | |
====List of Standard Services==== | |
List of Kernel services: | |
- Sibyl (syscall filter) | |
List of Ring 0 services: | |
- Encryption manager | |
- Root file server | |
- Process manager | |
- Elf loader | |
- PCI server | |
- Randomness source | |
- Reincarnation server | |
- System Initialization | |
- Shared memory server | |
- Bus manager | |
- Hardware event bus | |
- Power event bus | |
Available Syscalls: | |
- All Ring 2 syscalls | |
- Kernel level fork | |
- Full process manipulation permissions | |
- Get/Set process data | |
- Access to physical memory | |
- Map/Unmap memory in arbitrary processes | |
List of Ring 1 services: | |
- Authentication manager | |
- User manager | |
- Secure data store | |
- Drivers | |
- Network stack | |
- Display server | |
- Busses | |
- Authentication events | |
- Display events | |
- Driver events | |
- Network events | |
Available Syscalls: | |
- All Ring 2 syscalls | |
- Power management syscalls | |
List of Ring 2 services: | |
- User programs | |
- User authentication manager | |
- User Secure Data Store | |
- Terminal server | |
- Busses | |
- User busses | |
Available Syscalls: | |
- All common UNIX syscalls | |
- Emulation for other calls | |
====Service Descriptions==== | |
==Elf Loader== | |
This process simply reads an elf file and loads it into memory, ready to execute. | |
==Process Manager== | |
This process provides the user with the ability to fork processes, all processes | |
besides System Initialization are children of this process. | |
==Reincarnation Server== | |
This process acts as a watchdog, ensuring that any servers that aren't responding | |
are restarted from a previously saved state. | |
==PCI Server== | |
This process provides drivers with the functionality they need, by allowing drivers | |
to request mapping access for MMIO. It also acts as a proxy for gaining access to IO ports. | |
==Encryption Manager== | |
This process provides encryption related services to applications, providing a single | |
location for implementation of common algorithms. | |
==Shared Memory Server== | |
This process provides shared memory services to applications, it uses the ability to | |
map physical memory to any process to do so. | |
==Randomness Source== | |
This process provides a secure source of randomness to the system. | |
==Authentication Manager== | |
This process handles authentication protocols, providing a single location for secure | |
implementation. | |
==Bus Manager== | |
This process provides a form of IPC that builds on top of Message passing to provide | |
message busses to the system. | |
==User Manager== | |
This process handles user management. | |
==Secure Data Store== | |
This process stores important data in an encrypted data store. | |
==Terminal Server== | |
This process provides an isolated base terminal to user applications, each terminal | |
window is connected to the user's terminal server. | |
==Sibyl== | |
Sibyl is a kernel side sandboxing system that dynamically patches syscall handlers | |
per process to allow applications to restrict their own syscalls. | |
==Root File Server== | |
The Root File Server provides the filesystem abstraction to the rest of the OS, | |
it is responsible for receiving open requests and passing them on to the appropriate | |
file server. It also communicates with the process manager to maintain namespaces | |
groups. | |
====Namespace Groups==== | |
Namespace groups are a means of defining sets of views of the filesystem. An example | |
of their usage would be for instance, having a namespace group per terminal, thus | |
allowing certain files to be changed, such as the stdio streams. Processes inherit | |
their namespace group from their parent process, a newly created namespace group is | |
based off of the previous namespace group (ie. namespace groups must be forked) | |
====Multiprocessing==== | |
Access to other cores is controlled via cooperative multitasking, exposing them as services | |
===File Descriptor Rules=== | |
All paths passed to file servers must be absolute, the libc is responsible for internally maintaining a descriptor for the | |
current working directory and using an fd2path request (as in plan9) to obtain its path to prepend to the path before | |
canonicalizing the path and sending it out to the file server in the end. | |
===File systems=== | |
/proc -> Processes | |
/bus -> Busses | |
/dev -> Devices | |
/shmem -> Shared Memory |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment