Capability checking added as compiling code.

Capability checking for thread_control, exregs, mutex, cap_control,
ipc, and map system calls.

The visualised model is implemented in code that compiles, but
actual functionality hasn't been tested.

Need to add:
- Dynamic assignment of initial resources matching with what's
defined in the configuration.
- A paged-thread-group, since that would be a logical group of
seperation from a capability point-of-view.
- Resource ids for various tasks. E.g.
  - Memory capabilities don't have target resources.
  - Thread capability assumes current container for THREAD_CREATE.
  - Mutex syscall assumes current thread (this one may not need
    any changing)
  - cap_control syscall assumes current thread. It may happen to
    be that another thread's capability list is manipulated.

Last but not least:
- A simple and easy-to-use userspace library for dynamic expansion
  of resource domains as new resources are created such as threads.

include/l4/api/capability.h

@@ -10,6 +10,8 @@
 #define CAP_CONTROL_NCAPS		0x00
 #define CAP_CONTROL_READ		0x01
 #define CAP_CONTROL_SHARE		0x02
+#define CAP_CONTROL_GRANT		0x03
+#define CAP_CONTROL_MODIFY		0x05
 
 #define CAP_SHARE_MASK			0x1F
 #define CAP_SHARE_SPACE			0x01

include/l4/api/exregs.h

@@ -13,6 +13,27 @@
 
 #define EXREGS_SET_PAGER		1
 #define	EXREGS_SET_UTCB			2
+#define EXREGS_VALID_REGULAR_REGS 			\
+	(FIELD_TO_BIT(exregs_context_t, r0) |		\
+	 FIELD_TO_BIT(exregs_context_t, r1) |		\
+	 FIELD_TO_BIT(exregs_context_t, r2) |		\
+	 FIELD_TO_BIT(exregs_context_t, r3) |		\
+	 FIELD_TO_BIT(exregs_context_t, r4) |		\
+	 FIELD_TO_BIT(exregs_context_t, r5) |		\
+	 FIELD_TO_BIT(exregs_context_t, r6) |		\
+	 FIELD_TO_BIT(exregs_context_t, r7) |		\
+	 FIELD_TO_BIT(exregs_context_t, r8) |		\
+	 FIELD_TO_BIT(exregs_context_t, r9) |		\
+	 FIELD_TO_BIT(exregs_context_t, r10) |		\
+	 FIELD_TO_BIT(exregs_context_t, r11) |		\
+	 FIELD_TO_BIT(exregs_context_t, r12) |		\
+	 FIELD_TO_BIT(exregs_context_t, lr))		\
+
+#define EXREGS_VALID_SP 				\
+	FIELD_TO_BIT(exregs_context_t, sp)		\
+
+#define EXREGS_VALID_PC 				\
+	FIELD_TO_BIT(exregs_context_t, pc)		\
 
 /* Structure passed by userspace pagers for exchanging registers */
 struct exregs_data {

include/l4/api/ipc.h

@@ -12,6 +12,17 @@
 
 #if defined (__KERNEL__)
 
+/*
+ * ipc syscall uses an ipc_type variable and send/recv
+ * details are embedded in this variable.
+ */
+enum IPC_TYPE {
+	IPC_INVALID = 0,
+	IPC_SEND = 1,
+	IPC_RECV = 2,
+	IPC_SENDRECV = 3,
+};
+
 /* These are for internally created ipc paths. */
 int ipc_send(l4id_t to, unsigned int flags);
 int ipc_sendrecv(l4id_t to, l4id_t from, unsigned int flags);

include/l4/api/syscall.h

@@ -40,7 +40,7 @@ int sys_unmap(unsigned long virtual, unsigned long npages, unsigned int tid);
 int sys_space_control(void);
 int sys_ipc_control(void);
 int sys_map(unsigned long phys, unsigned long virt, unsigned long npages,
-	    unsigned long flags, unsigned int tid);
+	    unsigned int flags, l4id_t tid);
 int sys_getid(struct task_ids *ids);
 int sys_capability_control(unsigned int req, unsigned int flags, void *addr);
 int sys_container_control(unsigned int req, unsigned int flags, void *addr);

include/l4/generic/cap-types.h

@@ -17,7 +17,7 @@
 #define CAP_TYPE_SCHED		(1 << 4)
 #define CAP_TYPE_UMUTEX		(1 << 5)
 #define CAP_TYPE_QUANTITY	(1 << 6)
-
+#define CAP_TYPE_CAP		(1 << 7)
 #define cap_type(c)	((c)->type & CAP_TYPE_MASK)
 
 /*
@@ -57,7 +57,7 @@
 #define CAP_EXREGS_RW_UTCB	(1 << 1)
 #define CAP_EXREGS_RW_SP	(1 << 2)
 #define CAP_EXREGS_RW_PC	(1 << 3)
-#define CAP_EXREGS_RW_REGS	(1 << 4)
+#define CAP_EXREGS_RW_REGS	(1 << 4) /* Other regular regs */
 #define CAP_EXREGS_RW_CPU	(1 << 5)
 #define CAP_EXREGS_RW_CPUTIME	(1 << 6)
 
@@ -90,12 +90,12 @@
 
 /* Userspace mutex capability */
 #define CAP_UMUTEX_LOCK		(1 << 0)
+#define CAP_UMUTEX_UNLOCK	(1 << 1)
 
 /* Capability control capability */
-#define CAP_CAP_SPLIT		(1 << 0)
-#define CAP_CAP_SPLICE		(1 << 1)
-#define CAP_CAP_REDUCE		(1 << 2)
-#define CAP_CAP_REVOKE		(1 << 3)
-#define CAP_CAP_GRANT		(1 << 4)
+#define CAP_CAP_MODIFY		(1 << 0)
+#define CAP_CAP_GRANT		(1 << 1)
+#define CAP_CAP_READ		(1 << 2)
+#define CAP_CAP_SHARE		(1 << 3)
 
 #endif /* __CAP_TYPES_H__ */

include/l4/generic/capability.h

@@ -7,6 +7,7 @@
 #define __GENERIC_CAPABILITY_H__
 
 #include <l4/lib/list.h>
+#include <l4/api/exregs.h>
 
 /*
  * Some resources that capabilities possess don't
@@ -126,7 +127,10 @@ static inline void cap_list_move(struct cap_list *to,
 	cap_list_attach(cap_head, to);
 }
 
+/* Have to have these as tcb.h includes this file */
 struct ktcb;
+struct task_ids;
+
 /* Capability checking for quantitative capabilities */
 int capability_consume(struct capability *cap, int quantity);
 int capability_free(struct capability *cap, int quantity);
@@ -135,6 +139,18 @@ struct capability *capability_find_by_rtype(struct ktcb *task,
 
 struct capability *cap_list_find_by_rtype(struct cap_list *clist,
 					  unsigned int rtype);
+
+/* Capability checking on system calls */
+int cap_map_check(struct ktcb *task, unsigned long phys, unsigned long virt,
+		  unsigned long npages, unsigned int flags, l4id_t tid);
+int cap_thread_check(struct ktcb *task, unsigned int flags,
+		     struct task_ids *ids);
+int cap_exregs_check(struct ktcb *task, struct exregs_data *exregs);
+int cap_ipc_check(l4id_t to, l4id_t from,
+		  unsigned int flags, unsigned int ipc_type);
+int cap_cap_check(struct ktcb *task, unsigned int req, unsigned int flags);
+int cap_mutex_check(unsigned long mutex_address, int mutex_op);
+
 #if 0
 /* Virtual memory space allocated to container */
 struct capability cap_virtmap = {

include/l4/generic/resource.h

@@ -9,6 +9,7 @@
 
 /* Number of containers defined at compile-time */
 #include <l4/generic/capability.h>
+#include <l4/lib/list.h>
 #include <l4/lib/idpool.h>
 #include INC_SUBARCH(mm.h)
 

include/l4/generic/space.h

@@ -10,7 +10,7 @@
 #define MAP_USR_RW_FLAGS	0	/* CB as one would expect */
 #define MAP_USR_RO_FLAGS	1	/* CB as one would expect */
 #define MAP_SVC_RW_FLAGS	2	/* CB as one would expect */
-#define MAP_USR_IO_FLAGS	3	/* Non-CB, RW */
+#define MAP_USR_IO_FLAGS	3	/* Non-CB, RW TODO: How about RO one? */
 #define MAP_SVC_IO_FLAGS	4	/* Non-CB, RW */
 
 /* Some default aliases */

include/l4/generic/thread.h

@@ -11,7 +11,7 @@ void thread_id_pool_init(void);
 int thread_id_new(void);
 int thread_id_del(int tid);
 
-void task_destroy_current(void);
+void thread_destroy_current(void);
 void task_make_zombie(struct ktcb *task);
 
 #endif /* __GENERIC_THREAD_H__ */