pub struct Kernel {
pub weak_self: Weak<Kernel>,
pub kthreads: KernelThreads,
pub features: KernelFeatures,
pub pids: RwLock<PidTable>,
pub pid_to_koid_mapping: Arc<RwLock<Option<PidToKoidMap>>>,
pub expando: Expando,
pub default_abstract_socket_namespace: Arc<AbstractUnixSocketNamespace>,
pub default_abstract_vsock_namespace: Arc<AbstractVsockSocketNamespace>,
pub cmdline: BString,
pub device_tree: Option<Devicetree>,
pub security_state: KernelState,
pub device_registry: DeviceRegistry,
pub container_namespace: ContainerNamespace,
pub remote_block_device_registry: Arc<RemoteBlockDeviceRegistry>,
pub shared_futexes: Arc<FutexTable<SharedFutexKey>>,
pub root_uts_ns: UtsNamespaceHandle,
pub vdso: Vdso,
pub vdso_arch32: Option<Vdso>,
pub netstack_devices: Arc<NetstackDevices>,
pub swap_files: OrderedMutex<Vec<FsNodeHandle>, KernelSwapFiles>,
pub inspect_node: Node,
pub actions_logged: AtomicU16,
pub suspend_resume_manager: SuspendResumeManagerHandle,
pub next_mount_id: AtomicU64Counter,
pub next_peer_group_id: AtomicU64Counter,
pub next_namespace_id: AtomicU64Counter,
pub next_file_object_id: AtomicU64Counter,
pub next_inotify_cookie: AtomicU32Counter,
pub ptrace_scope: AtomicU8,
pub build_version: OnceCell<String>,
pub stats: Arc<KernelStats>,
pub system_limits: SystemLimits,
pub delayed_releaser: DelayedReleaser,
pub scheduler: SchedulerManager,
pub syslog: Syslog,
pub mounts: Mounts,
pub hrtimer_manager: HrTimerManagerHandle,
pub memory_attribution_manager: MemoryAttributionManager,
pub crash_reporter: CrashReporter,
pub procfs_device_tree_setup: Vec<fn(&SimpleDirectoryMutator)>,
pub restrict_dmesg: AtomicBool,
pub disable_unprivileged_bpf: AtomicU8,
pub container_control_handle: Mutex<Option<ComponentControllerControlHandle>>,
pub ebpf_state: EbpfState,
pub cgroups: KernelCgroups,
pub time_adjustment_proxy: Option<AdjustSynchronousProxy>,
pub socket_tokens_store: SocketTokensStore,
pub hwcaps: HwCaps,
/* private fields */
}
The shared, mutable state for the entire Starnix kernel.
The Kernel object holds all kernel threads, userspace tasks, and file system resources for a
single instance of the Starnix kernel. In production, there is one instance of this object for
the entire Starnix kernel. However, multiple instances of this object can be created in one
process during unit testing.
The structure of this object will likely need to evolve as we implement more namespacing and
isolation mechanisms, such as namespaces(7) and pid_namespaces(7).
Fields
weak_self: Weak<Kernel>
Weak reference to self. Allows to not have to pass &Arc
kthreads: KernelThreads
The kernel threads running on behalf of this kernel.
features: KernelFeatures
The features enabled for this kernel.
pids: RwLock<PidTable>
The processes and threads running in this kernel, organized by pid_t.
pid_to_koid_mapping: Arc<RwLock<Option<PidToKoidMap>>>
Used to record the pid/tid to Koid mappings. Set when collecting trace data.
expando: Expando
Subsystem-specific properties that hang off the Kernel object.
Instead of adding yet another property to the Kernel object, consider storing the property in an expando if that property is only used by one part of the system, such as a module.
default_abstract_socket_namespace: Arc<AbstractUnixSocketNamespace>
The default namespace for abstract AF_UNIX sockets in this kernel.
Rather than use this default namespace, abstract socket addresses should be looked up in the AbstractSocketNamespace on each Task object because some Task objects might have a non-default namespace.
default_abstract_vsock_namespace: Arc<AbstractVsockSocketNamespace>
The default namespace for abstract AF_VSOCK sockets in this kernel.
cmdline: BString
The kernel command line. Shows up in /proc/cmdline.
device_tree: Option<Devicetree>
security_state: KernelState
device_registry: DeviceRegistry
The registry of device drivers.
container_namespace: ContainerNamespace
Mapping of top-level namespace entries to an associated proxy. For example, “/svc” to the respective proxy. Only the namespace entries which were known at component startup will be available by the kernel.
remote_block_device_registry: Arc<RemoteBlockDeviceRegistry>
The registry of block devices backed by a remote fuchsia.io file.
shared_futexes: Arc<FutexTable<SharedFutexKey>>
The futexes shared across processes.
root_uts_ns: UtsNamespaceHandle
The default UTS namespace for all tasks.
Because each task can have its own UTS namespace, you probably want to use the UTS namespace handle of the task, which may or may not point to this one.
vdso: Vdso
A struct containing a VMO with a vDSO implementation, if implemented for a given architecture, and possibly an offset for a sigreturn function.
vdso_arch32: Option<Vdso>
A struct containing a VMO with an arch32-vDSO implementation, if implemented for a given architecture.
netstack_devices: Arc<NetstackDevices>
The table of devices installed on the netstack and their associated state local to this Kernel.
swap_files: OrderedMutex<Vec<FsNodeHandle>, KernelSwapFiles>
Files that are currently available for swapping. Note: Starnix never actually swaps memory to these files. We just need to track them to pass conformance tests.
inspect_node: Node
Inspect instrumentation for this kernel instance.
actions_logged: AtomicU16
The kinds of seccomp action that get logged, stored as a bit vector. Each potential SeccompAction gets a bit in the vector, as specified by SeccompAction::logged_bit_offset. If the bit is set, that means the action should be logged when it is taken, subject to the caveats described in seccomp(2). The value of the bit vector is exposed to users in a text form in the file /proc/sys/kernel/seccomp/actions_logged.
suspend_resume_manager: SuspendResumeManagerHandle
The manager for suspend/resume.
next_mount_id: AtomicU64Counter
Unique IDs for new mounts and mount namespaces.
next_peer_group_id: AtomicU64Counter
next_namespace_id: AtomicU64Counter
next_file_object_id: AtomicU64Counter
Unique IDs for file objects.
next_inotify_cookie: AtomicU32Counter
Unique cookie used to link two inotify events, usually an IN_MOVE_FROM/IN_MOVE_TO pair.
ptrace_scope: AtomicU8
Controls which processes a process is allowed to ptrace. See Documentation/security/Yama.txt
build_version: OnceCell<String>
stats: Arc<KernelStats>
system_limits: SystemLimits
Resource limits that are exposed, for example, via sysctl.
delayed_releaser: DelayedReleaser
scheduler: SchedulerManager
Manages task priorities.
syslog: Syslog
The syslog manager.
mounts: Mounts
All mounts.
hrtimer_manager: HrTimerManagerHandle
The manager for creating and managing high-resolution timers.
memory_attribution_manager: MemoryAttributionManager
The manager for monitoring and reporting resources used by the kernel.
crash_reporter: CrashReporter
Handler for crashing Linux processes.
procfs_device_tree_setup: Vec<fn(&SimpleDirectoryMutator)>
Vector of functions to be run when procfs is constructed. This is to allow modules to expose directories into /proc/device-tree.
restrict_dmesg: AtomicBool
True to disable syslog access to unprivileged callers. This also controls whether read access to /dev/kmsg requires privileged capabilities.
disable_unprivileged_bpf: AtomicU8
Determines whether unprivileged BPF is permitted, or can be re-enabled.
0 - Unprivileged BPF is permitted.
1 - Unprivileged BPF is not permitted, and cannot be enabled.
2 - Unprivileged BPF is not permitted, but can be enabled by a privileged task.
container_control_handle: Mutex<Option<ComponentControllerControlHandle>>
Control handle to the running container’s ComponentController.
ebpf_state: EbpfState
eBPF state: loaded programs, eBPF maps, etc.
cgroups: KernelCgroups
Cgroups of the kernel.
time_adjustment_proxy: Option<AdjustSynchronousProxy>
Used to communicate requests to adjust system time from within a Starnix container. Used from syscalls.
socket_tokens_store: SocketTokensStore
Used to store tokens for sockets, particularly per-uid sharing domain sockets.
hwcaps: HwCaps
Hardware capabilities to push onto stack when loading an ELF binary.
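The three values listed for disable_unprivileged_bpf behave as a one-way latch. The following is an added example, not Starnix code, that models that behaviour on an AtomicU8. The names write_setting, may_use_bpf and WriteError are hypothetical, and the example assumes that once the value is 1 every change away from 1 is refused and that privileged tasks are never blocked by this setting.

```rust
use std::sync::atomic::{AtomicU8, Ordering};

// The three values documented for disable_unprivileged_bpf.
pub const PERMITTED: u8 = 0;
pub const DISABLED_LOCKED: u8 = 1;
pub const DISABLED_REENABLABLE: u8 = 2;

#[derive(Debug, PartialEq)]
pub enum WriteError {
    NotPrivileged,
    InvalidValue,
    Locked,
}

/// Hypothetical handler for a write to the setting (not Starnix code).
/// Assumption: once the value is 1, every change away from 1 is refused.
pub fn write_setting(state: &AtomicU8, new: u8, privileged: bool) -> Result<(), WriteError> {
    if new > DISABLED_REENABLABLE {
        return Err(WriteError::InvalidValue);
    }
    if !privileged {
        return Err(WriteError::NotPrivileged);
    }
    // A single atomic read-modify-write, so a racing writer cannot slip a
    // 0 or 2 in after another task has latched the value to 1.
    state
        .fetch_update(Ordering::AcqRel, Ordering::Acquire, |cur| {
            if cur == DISABLED_LOCKED && new != DISABLED_LOCKED { None } else { Some(new) }
        })
        .map(|_| ())
        .map_err(|_| WriteError::Locked)
}

/// Gate for a BPF operation: privileged tasks always pass (assumption),
/// unprivileged tasks pass only while the value is 0.
pub fn may_use_bpf(state: &AtomicU8, privileged: bool) -> bool {
    privileged || state.load(Ordering::Acquire) == PERMITTED
}

fn main() {
    let state = AtomicU8::new(DISABLED_REENABLABLE);
    println!("unprivileged allowed at 2: {}", may_use_bpf(&state, false));
    println!("privileged write of 0: {:?}", write_setting(&state, PERMITTED, true));
    println!("privileged write of 1: {:?}", write_setting(&state, DISABLED_LOCKED, true));
    println!("privileged write of 0 after latch: {:?}", write_setting(&state, PERMITTED, true));
}
```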
Implementations
impl Kernel
pub fn new(
cmdline: BString,
features: KernelFeatures,
system_limits: SystemLimits,
container_namespace: ContainerNamespace,
scheduler: SchedulerManager,
crash_reporter_proxy: Option<CrashReporterProxy>,
inspect_node: Node,
security_state: KernelState,
procfs_device_tree_setup: Vec<fn(&SimpleDirectoryMutator)>,
time_adjustment_proxy: Option<AdjustSynchronousProxy>,
device_tree: Option<Devicetree>,
) -> Result<Arc<Kernel>, Status>
pub fn shut_down(self: &Arc<Self>)
Shuts down userspace and the kernel in an orderly fashion, eventually terminating the root kernel process.
pub fn is_shutting_down(&self) -> bool
pub fn open_device<L>(
&self,
locked: &mut Locked<L>,
current_task: &CurrentTask,
node: &NamespaceNode,
flags: OpenFlags,
dev: DeviceType,
mode: DeviceMode,
) -> Result<Box<dyn FileOps>, Errno>
where
L: LockEqualOrBefore<FileOpsCore>,
Opens a device file (driver) identified by dev.
pub fn audit_logger(&self) -> Arc<AuditLogger>
Return a reference to the Audit Framework.
This function follows the lazy initialization pattern.
pub fn generic_netlink(
&self,
) -> &GenericNetlink<NetlinkToClientSender<GenericMessage>>
Return a reference to the GenericNetlink implementation.
This function follows the lazy initialization pattern, where the first call will instantiate the Generic Netlink server in a separate kthread.
pub fn network_netlink(self: &Arc<Self>) -> &Netlink<NetlinkContextImpl>
Return a reference to the netlink::Netlink implementation.
This function follows the lazy initialization pattern, where the first call will instantiate the Netlink implementation.
pub fn iptables(&self) -> &IpTables
pub fn connect_to_named_protocol_at_container_svc<P: ProtocolMarker>(
&self,
filename: &str,
) -> Result<ClientEnd<P>, Errno>
Returns a Proxy to the service used by the container at filename.
pub fn connect_to_protocol_at_container_svc<P: DiscoverableProtocolMarker>(
&self,
) -> Result<ClientEnd<P>, Errno>
Returns a Proxy to the service P used by the container.
pub fn new_memory_attribution_observer(
&self,
control_handle: ProviderControlHandle,
) -> Observer
pub fn open_ns_dir(
&self,
path: &str,
open_flags: Flags,
) -> Result<(DirectorySynchronousProxy, String), Errno>
Opens and returns a directory proxy from the container’s namespace, at the requested path, using the provided flags. This method will open the closest existing path from the namespace hierarchy. For instance, if the parameter provided is /path/to/foo/bar and there exist namespace entries for /path/to/foo and /path/to, then the former will be used as the root proxy and the subdir bar returned.
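The closest-entry lookup described for open_ns_dir, as an added example that is not Starnix code: it picks the longest namespace entry that matches on a path-component boundary and returns the remaining subdir. The function name closest_entry, returning the entry's path in place of a directory proxy, and the refusal of ".." components are assumptions of this example.

```rust
/// Resolves `path` against the namespace entries and returns the closest
/// entry plus the subdirectory left to open beneath it. open_ns_dir returns
/// a directory proxy as the first element; this example returns the matched
/// entry's path instead.
pub fn closest_entry<'a>(entries: &[&'a str], path: &str) -> Option<(&'a str, String)> {
    // Assumption of this example: ".." is refused, so the returned subdir
    // can never name something outside the matched entry.
    if !path.starts_with('/') || path.split('/').any(|c| c == "..") {
        return None;
    }
    let mut best: Option<(&'a str, String)> = None;
    let mut best_len = 0;
    for &entry in entries {
        let root = entry.trim_end_matches('/');
        let rest = match path.strip_prefix(root) {
            Some(rest) => rest,
            None => continue,
        };
        // Accept only a match that ends on a component boundary, so that
        // "/path/to/foo" is not treated as a parent of "/path/to/foobar".
        if !(rest.is_empty() || rest.starts_with('/')) {
            continue;
        }
        if best.is_none() || root.len() > best_len {
            best_len = root.len();
            best = Some((entry, rest.trim_start_matches('/').to_string()));
        }
    }
    best
}

fn main() {
    // Constructed namespace entries, following the example in the text.
    let ns = ["/path/to", "/path/to/foo", "/svc"];
    for p in ["/path/to/foo/bar", "/path/to/foobar", "/svc", "/data/x"] {
        println!("{} -> {:?}", p, closest_entry(&ns, p));
    }
}
```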
pub fn cmdline_args_iter(&self) -> impl Iterator<Item = ArgNameAndValue<'_>>
Returns an iterator of the command line arguments.
impl Kernel
pub fn get_next_mount_id(&self) -> u64
pub fn get_next_peer_group_id(&self) -> u64
pub fn get_next_namespace_id(&self) -> u64
Trait Implementations
impl<'a> KernelOrTask<'a> for &'a Kernel
fn kernel(&self) -> &'a Kernel
fn maybe_task(&self) -> Option<&'a CurrentTask>
Auto Trait Implementations
impl !Freeze for Kernel
impl !RefUnwindSafe for Kernel
impl Send for Kernel
impl Sync for Kernel
impl Unpin for Kernel
impl !UnwindSafe for Kernel
Blanket Implementations
impl<T> BorrowMut<T> for T
where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T, D> Encode<Ambiguous1, D> for T
where
D: ResourceDialect,
impl<T, D> Encode<Ambiguous2, D> for T
where
D: ResourceDialect,
impl<T> InstanceFromServiceTransport<T> for T
fn from_service_transport(handle: T) -> T
T to [Self]
impl<T> IntoEither for T
fn into_either(self, into_left: bool) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise.
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise.