Merge branch 'master' into devel

src/api/ipc.c

@@ -539,11 +539,14 @@ int sys_ipc(l4id_t to, l4id_t from, unsigned int flags)
 	int ret = 0;
 
 	/* Check arguments */
-	if (from < L4_ANYTHREAD) {
+	if (task_id_special(from) &&
+	    from != L4_ANYTHREAD && from != L4_NILTHREAD) {
 		ret = -EINVAL;
 		goto error;
 	}
-	if (to < L4_ANYTHREAD) {
+
+	if (task_id_special(to) &&
+	    to != L4_ANYTHREAD && to != L4_NILTHREAD) {
 		ret = -EINVAL;
 		goto error;
 	}

src/api/syscall.c

@@ -48,6 +48,7 @@ int sys_getid(struct task_ids *ids)
 	ids->tid = this->tid;
 	ids->spid = this->space->spid;
 	ids->tgid = this->tgid;
+	ids->cid = this->container->cid;
 
 	return 0;
 }

src/generic/capability.c

@@ -497,7 +497,6 @@ struct sys_map_args {
 	unsigned long virt;
 	unsigned long npages;
 	unsigned int flags;
-	unsigned int rtype;
 };
 
 /*
@@ -507,11 +506,12 @@ struct capability *cap_match_mem(struct capability *cap,
 				 void *args_ptr)
 {
 	struct sys_map_args *args = args_ptr;
+	struct ktcb *target = args->task;
 	unsigned long pfn;
 	unsigned int perms;
 
 	/* Set base according to what type of mem type we're matching */
-	if (args->rtype == CAP_RTYPE_PHYSMEM)
+	if (cap_type(cap) == CAP_TYPE_MAP_PHYSMEM)
 		pfn = __pfn(args->phys);
 	else
 		pfn = __pfn(args->virt);
@@ -542,21 +542,28 @@ struct capability *cap_match_mem(struct capability *cap,
 		return 0;
 	}
 
-	return cap;
-
 	/*
-	 * FIXME:
-	 *
-	 * Does it make sense to have a meaningful resid field
-	 * in a memory resource? E.g. Which resources may I map it to?
-	 * It might, as I can map an arbitrary mapping to an arbitrary
-	 * thread in my container and break it's memory integrity.
-	 *
-	 * It seems it would be reasonable for a pager to have memory
-	 * capabilities with a resid of its own id, and rtype of
-	 * CAP_RTYPE_CONTAINER, effectively allowing it to do map
-	 * operations on itself and its group of paged children.
+	 * We have a target thread, check if capability match
+	 * any resource fields in target
 	 */
+	switch (cap_rtype(cap)) {
+	case CAP_RTYPE_THREAD:
+		if (target->tid != cap->resid)
+			return 0;
+		break;
+	case CAP_RTYPE_SPACE:
+		if (target->space->spid != cap->resid)
+			return 0;
+		break;
+	case CAP_RTYPE_CONTAINER:
+		if (target->container->cid != cap->resid)
+			return 0;
+		break;
+	default:
+		BUG(); /* Unknown cap type is a bug */
+	}
+
+	return cap;
 }
 
 #if defined(CONFIG_CAPABILITIES)
@@ -601,14 +608,12 @@ int cap_map_check(struct ktcb *target, unsigned long phys, unsigned long virt,
 		.flags = flags,
 	};
 
-	args.rtype = CAP_RTYPE_PHYSMEM;
 	if (!(physmem =	cap_find(current, cap_match_mem,
-				 &args, CAP_TYPE_MAP)))
+				 &args, CAP_TYPE_MAP_PHYSMEM)))
 		return -ENOCAP;
 
-	args.rtype = CAP_RTYPE_VIRTMEM;
 	if (!(virtmem = cap_find(current, cap_match_mem,
-				 &args, CAP_TYPE_MAP)))
+				 &args, CAP_TYPE_MAP_VIRTMEM)))
 		return -ENOCAP;
 
 	return 0;

src/generic/resource.c

@@ -746,7 +746,7 @@ int process_cap_info(struct cap_info *cap,
 {
 	int ret = 0;
 
-	switch (cap->type & CAP_RTYPE_MASK) {
+	switch (cap_rtype(cap)) {
 	case CAP_RTYPE_THREADPOOL:
 		bootres->nthreads += cap->size;
 		break;
@@ -768,8 +768,10 @@ int process_cap_info(struct cap_info *cap,
 		/* Specifies how many new caps can be created */
 		bootres->ncaps += cap->size;
 		break;
+	}
 
-	case CAP_RTYPE_VIRTMEM:
+	switch (cap_type(cap)) {
+	case CAP_TYPE_MAP_VIRTMEM:
 		if ((ret = memcap_unmap(&kres->virtmem_free,
 			     		cap->start, cap->end))) {
 			if (ret < 0)
@@ -787,7 +789,7 @@ int process_cap_info(struct cap_info *cap,
 		}
 		break;
 
-	case CAP_RTYPE_PHYSMEM:
+	case CAP_TYPE_MAP_PHYSMEM:
 		if ((ret = memcap_unmap(&kres->physmem_free,
 					cap->start, cap->end))) {
 			if (ret < 0)
@@ -804,8 +806,8 @@ int process_cap_info(struct cap_info *cap,
 			BUG();
 		}
 		break;
-	}
 
+	}
 	return ret;
 }