Capability manipulation syscalls

Support for capability replicate, share, grant, deduce, and split. The code builds, but hasn't been tested.
2026-01-16 12:53:16 +01:00 · 2009-11-07 15:29:52 +02:00
parent f7565118f1
commit 3728e7ef1e
8 changed files with 562 additions and 164 deletions
--- a/include/l4/api/capability.h
+++ b/include/l4/api/capability.h
@@ -7,18 +7,21 @@
 #define __API_CAPABILITY_H__

 /* Capability syscall request types */
-#define CAP_CONTROL_NCAPS		0x00
-#define CAP_CONTROL_READ		0x01
-#define CAP_CONTROL_SHARE		0x02
-#define CAP_CONTROL_GRANT		0x03
-#define CAP_CONTROL_MODIFY		0x05
+#define CAP_CONTROL_NCAPS		0x00000000
+#define CAP_CONTROL_READ		0x00000001
+#define CAP_CONTROL_SHARE		0x00000002
+#define CAP_CONTROL_GRANT		0x00000003
+#define CAP_CONTROL_REPLICATE		0x00000005
+#define CAP_CONTROL_SPLIT		0x00000006
+#define CAP_CONTROL_DEDUCE		0x00000007

-#define CAP_SHARE_MASK			0x1F
-#define CAP_SHARE_SPACE			0x01
-#define CAP_SHARE_CONTAINER		0x02
-#define CAP_SHARE_GROUP			0x04
-#define CAP_SHARE_CHILD			0x08	/* All that we are pager of */
-#define CAP_SHARE_SIBLING		0x10	/* All that have a common pager */
+#define CAP_SHARE_MASK			0x00000003
+#define CAP_SHARE_SINGLE		0x00000001
+#define CAP_SHARE_ALL			0x00000002
+
+#define CAP_GRANT_MASK			0x00000003
+#define CAP_GRANT_SINGLE		0x00000001
+#define CAP_GRANT_ALL			0x00000002

 /* Task's primary capability list */
 #define TASK_CAP_LIST(task)	\
--- a/include/l4/api/syscall.h
+++ b/include/l4/api/syscall.h
@@ -42,7 +42,8 @@ int sys_ipc_control(void);
 int sys_map(unsigned long phys, unsigned long virt, unsigned long npages,
 	    unsigned int flags, l4id_t tid);
 int sys_getid(struct task_ids *ids);
-int sys_capability_control(unsigned int req, unsigned int flags, void *addr);
+int sys_capability_control(unsigned int req, unsigned int flags,
+			   l4id_t capid, l4id_t target, void *addr);
 int sys_container_control(unsigned int req, unsigned int flags, void *addr);
 int sys_time(struct timeval *tv, int set);
 int sys_mutex_control(unsigned long mutex_address, int mutex_op);
--- a/include/l4/generic/cap-types.h
+++ b/include/l4/generic/cap-types.h
@@ -26,23 +26,29 @@
 */
 #define CAP_RTYPE_MASK		0xFFFF0000
 #define CAP_RTYPE_THREAD	(1 << 16)
-#define CAP_RTYPE_TGROUP	(1 << 17)
-#define CAP_RTYPE_SPACE		(1 << 18)
-#define CAP_RTYPE_CONTAINER	(1 << 19)
-#define CAP_RTYPE_PGGROUP	(1 << 20) /* Group of paged threads */
-#define CAP_RTYPE_CPUPOOL	(1 << 21)
-#define CAP_RTYPE_THREADPOOL	(1 << 22)
-#define CAP_RTYPE_SPACEPOOL	(1 << 23)
-#define CAP_RTYPE_MUTEXPOOL	(1 << 24)
-#define CAP_RTYPE_MAPPOOL	(1 << 25) /* For pmd spending */
-#define CAP_RTYPE_CAPPOOL	(1 << 26) /* For new cap generation */
+#define CAP_RTYPE_SPACE		(1 << 17)
+#define CAP_RTYPE_CONTAINER	(1 << 18)
+#define CAP_RTYPE_CPUPOOL	(1 << 19)
+#define CAP_RTYPE_THREADPOOL	(1 << 20)
+#define CAP_RTYPE_SPACEPOOL	(1 << 21)
+#define CAP_RTYPE_MUTEXPOOL	(1 << 22)
+#define CAP_RTYPE_MAPPOOL	(1 << 23) /* For pmd spending */
+#define CAP_RTYPE_CAPPOOL	(1 << 24) /* For new cap generation */

 #define cap_rtype(c)	((c)->type & CAP_RTYPE_MASK)
+#define cap_set_rtype(c, rtype)			\
+	{(c)->type &= CAP_RTYPE_MASK;		\
+	 (c)->type |= CAP_RTYPE_MASK & rtype;}

 /*
 * Access permissions
 */

+/* Generic permissions */
+#define CAP_CHANGEABLE		(1 << 28)	/* Can modify contents */
+#define CAP_TRANSFERABLE	(1 << 29)	/* Can grant or share it */
+#define CAP_REPLICABLE		(1 << 30)	/* Can create copies */
+
 /* Thread control capability */
 #define CAP_TCTRL_CREATE	(1 << 0)
 #define CAP_TCTRL_DESTROY	(1 << 1)
@@ -96,5 +102,8 @@
 #define CAP_CAP_GRANT		(1 << 1)
 #define CAP_CAP_READ		(1 << 2)
 #define CAP_CAP_SHARE		(1 << 3)
+#define CAP_CAP_REPLICATE	(1 << 4)
+#define CAP_CAP_SPLIT		(1 << 5)
+#define CAP_CAP_DEDUCE		(1 << 6)

 #endif /* __CAP_TYPES_H__ */
--- a/include/l4/generic/capability.h
+++ b/include/l4/generic/capability.h
@@ -66,7 +66,7 @@ struct capability {
 	/* Capability limits/permissions */
 	u32 access;		/* Permitted operations */

-	/* Limits on the resource */
+	/* Limits on the resource (NOTE: must never have signed type) */
 	unsigned long start;	/* Resource start value */
 	unsigned long end;	/* Resource end value */
 	unsigned long size;	/* Resource size */
@@ -139,6 +139,7 @@ struct capability *capability_find_by_rtype(struct ktcb *task,

 struct capability *cap_list_find_by_rtype(struct cap_list *clist,
 					  unsigned int rtype);
+struct capability *cap_find_byid(l4id_t capid);

 /* Capability checking on system calls */
 int cap_map_check(struct ktcb *task, unsigned long phys, unsigned long virt,