Integrated Test Container inside Baremetal container.

conts/baremetal/baremetal3/SConstruct

@@ -0,0 +1,59 @@
+# -*- mode: python; coding: utf-8; -*-
+#
+#  Codezero -- Virtualization microkernel for embedded systems.
+#
+#  Copyright © 2009  B Labs Ltd
+#
+import os, shelve, sys
+from os.path import *
+
+PROJRELROOT = '../..'
+
+sys.path.append(PROJRELROOT)
+
+from config.projpaths import *
+from config.configuration import *
+from config.lib import *
+
+config = configuration_retrieve()
+arch = config.arch
+
+
+LIBL4_RELDIR = 'conts/libl4'
+KERNEL_INCLUDE = join(PROJROOT, 'include')
+LIBL4_DIR = join(PROJROOT, LIBL4_RELDIR)
+LIBL4_INCLUDE = join(LIBL4_DIR, 'include')
+LIBL4_LIBPATH = join(BUILDDIR, LIBL4_RELDIR)
+
+# Locally important paths are here
+LIBC_RELDIR = 'conts/libc'
+LIBC_DIR = join(PROJROOT, LIBC_RELDIR)
+LIBC_LIBPATH = join(BUILDDIR, LIBC_RELDIR)
+LIBC_INCLUDE = [join(LIBC_DIR, 'include'), \
+                join(LIBC_DIR, 'include/arch' + '/' + arch)]
+
+LIBDEV_RELDIR = 'conts/libdev'
+LIBDEV_DIR = join(PROJROOT, LIBDEV_RELDIR)
+LIBDEV_LIBPATH = join(join(BUILDDIR, LIBDEV_RELDIR), 'sys-userspace')
+LIBDEV_INCLUDE = [join(LIBDEV_DIR, 'uart/include')]
+
+env = Environment(CC = 'arm-none-linux-gnueabi-gcc',
+		  # We don't use -nostdinc because sometimes we need standard headers,
+		  # such as stdarg.h e.g. for variable args, as in printk().
+		  CCFLAGS = ['-g', '-mcpu=arm926ej-s', '-nostdlib', '-ffreestanding', \
+			     '-std=gnu99', '-Wall', '-Werror'], \
+		  LINKFLAGS = ['-nostdlib', '-T' + "include/linker.lds", "-u_start"],\
+		  ASFLAGS = ['-D__ASSEMBLY__'], \
+		  PROGSUFFIX = '.elf',			# The suffix to use for final executable\
+		  ENV = {'PATH' : os.environ['PATH']},	# Inherit shell path\
+		  LIBS = ['gcc', 'libl4', 'c-userspace', 'libdev-userspace', 'gcc', 'c-userspace'],	# libgcc.a - This is required for division routines.
+		  CPPPATH = ["#include", KERNEL_INCLUDE, LIBL4_INCLUDE, LIBDEV_INCLUDE, LIBC_INCLUDE],
+          LIBPATH = [LIBL4_LIBPATH, LIBDEV_LIBPATH, LIBC_LIBPATH],
+		  CPPFLAGS = '-include l4/config.h -include l4/macros.h -include l4/types.h')
+
+src = Glob('*.[cS]')
+src += Glob('src/*.[cS]')
+
+objs = env.Object(src)
+prog = env.Program('main.elf', objs)
+Depends(prog, 'include/linker.lds')

conts/baremetal/baremetal3/container.c

@@ -0,0 +1,21 @@
+/*
+ * Container entry point for pager
+ *
+ * Copyright (C) 2007-2009 B Labs Ltd.
+ */
+
+#include <l4lib/init.h>
+#include <l4lib/utcb.h>
+
+
+extern void main(void);
+
+void __container_init(void)
+{
+	/* Generic L4 initialisation */
+	__l4_init();
+
+	/* Entry to main */
+	main();
+}
+

conts/baremetal/baremetal3/include/capability.h

@@ -0,0 +1,12 @@
+#ifndef __CAPABILITY_H__
+#define __CAPABILITY_H__
+
+#include <l4/api/capability.h>
+#include <l4/generic/capability.h>
+#include <l4/generic/cap-types.h>
+
+void capability_print(struct capability *cap);
+
+int caps_read_all();
+
+#endif /* __CAPABILITY_H__ */

conts/baremetal/baremetal3/include/tests.h

@@ -0,0 +1,7 @@
+#ifndef __TESTS_H__
+#define __TESTS_H__
+
+
+int capability_test(void);
+
+#endif /* __TESTS_H__ */

conts/baremetal/baremetal3/include/thread.h

@@ -0,0 +1,18 @@
+#ifndef __THREAD_H__
+#define __THREAD_H__
+
+#include <l4lib/arch/syslib.h>
+#include <l4lib/arch/syscalls.h>
+#include <l4lib/exregs.h>
+#include <l4/api/thread.h>
+
+
+int thread_create(int (*func)(void *), void *args, unsigned int flags,
+		  struct task_ids *new_ids);
+
+/* For same space */
+#define STACK_SIZE	0x1000
+
+#define THREADS_TOTAL	10
+
+#endif /* __THREAD_H__ */

conts/baremetal/baremetal3/main.c

@@ -0,0 +1,81 @@
+/*
+ * Main function for all tests
+ *
+ * Copyright (C) 2009 B Labs Ltd.
+ */
+#include <l4/api/errno.h>
+#include <container.h>
+#include <capability.h>
+#include <thread.h>
+#include <tests.h>
+#include <l4lib/arch/syslib.h>
+#include <l4lib/arch/syscalls.h>
+#include <l4/api/space.h>
+
+
+int exit_test_thread(void *arg)
+{
+	while (1)
+		;
+	//l4_thread_switch(0);
+	//l4_exit(5);
+	return 0;
+}
+
+int exit_test(void)
+{
+	int ret;
+	struct task_ids ids;
+
+	/* Create and run a new thread */
+	if ((ret = thread_create(exit_test_thread, 0,
+				 TC_SHARE_SPACE | TC_AS_PAGER,
+				 &ids)) < 0) {
+		printf("Top-level simple_pager creation failed.\n");
+		goto out_err;
+	} else
+		printf("Thread (%d) created successfully.\n", ids.tid);
+
+	// l4_thread_switch(0);
+
+	/* Kill it */
+	printf("Killing Thread (%d).\n", ids.tid);
+	if ((ret = l4_thread_control(THREAD_DESTROY, &ids)) < 0)
+		printf("Error: Killing Thread (%d), err = %d\n", ids.tid, ret);
+	else
+		printf("Success: Killed Thread (%d)\n", ids.tid);
+
+
+#if 0
+	/* Wait on it */
+	printf("Waiting on Thread (%d) to exit.\n", ids.tid);
+	if ((ret = l4_thread_control(THREAD_WAIT, &ids)) >= 0)
+		printf("Success. Paged child returned %d\n", ret);
+	else
+		printf("Error. Wait on (%d) failed. err = %d\n",
+		       ids.tid, ret);
+
+#endif
+	return 0;
+out_err:
+	BUG();
+}
+
+int main(void)
+{
+	printf("%s: Container %s started\n",
+	       __CONTAINER__, __CONTAINER_NAME__);
+
+	capability_test();
+
+	//exit_test();
+
+	/* Now quit to demo self-paging quit */
+	//l4_exit(0);
+
+	/* Now quit by null pointer */
+	//	*((int *)0) = 5;
+
+	return 0;
+}
+

conts/baremetal/baremetal3/src/arch

@@ -0,0 +1 @@
+arch-arm

conts/baremetal/baremetal3/src/arch-arm/new_thread.S

@@ -0,0 +1,11 @@
+#include <l4lib/arch/asm.h>
+
+
+BEGIN_PROC(setup_new_thread)
+	ldr	r0, [sp, #-4]!		@ Load first argument.
+	mov	lr, pc			@ Save return address
+	ldr	pc, [sp, #-4]!		@ Load function pointer from stack
+new_thread_exit:
+	b	new_thread_exit		@ We infinitely loop for now.
+END_PROC(setup_new_thread)
+

conts/baremetal/baremetal3/src/capability.c

@@ -0,0 +1,179 @@
+/*
+ * Capability-related userspace helpers
+ *
+ * Copyright (C) 2009 B Labs Ltd.
+ */
+#include <stdio.h>
+#include <capability.h>
+#include <l4lib/arch/syscalls.h>
+
+static struct capability cap_array[30];
+
+#if 0
+struct cap_group {
+	struct cap_list virtmem;
+	struct cap_list physmem;
+	struct cap_list threadpool;
+	struct cap_list tctrl;
+	struct cap_list exregs;
+	struct cap_list ipc;
+	struct cap_list mutex;
+	struct cap_list sched;
+	struct cap_list mutexpool;
+	struct cap_list spacepool;
+	struct cap_list cappool;
+};
+
+static inline struct capability *cap_get_thread()
+{
+
+}
+
+static inline struct capability *cap_get_space()
+{
+
+}
+
+static inline struct capability *cap_get_ipc()
+{
+
+}
+
+static inline struct capability *cap_get_virtmem()
+{
+
+}
+
+static inline struct capability *cap_get_physmem()
+{
+
+}
+
+static inline struct capability *cap_get_physmem(unsigned long phys)
+{
+
+}
+
+static inline struct capability *cap_get_virtmem(unsigned long virt)
+{
+
+}
+
+static inline struct capability *cap_get_byid(l4id_t id)
+{
+
+}
+
+
+void cap_share_single(struct capability *orig, struct capability *share, l4id_t target, unsigned int flags)
+{
+
+}
+
+void cap_grant_single(struct capability *orig, struct capability *share, l4id_t target, unsigned int flags)
+{
+}
+
+#endif
+
+void cap_print(struct capability *cap)
+{
+	printf("Capability id:\t\t\t%d\n", cap->capid);
+	printf("Capability resource id:\t\t%d\n", cap->resid);
+	printf("Capability owner id:\t\t%d\n",cap->owner);
+
+	switch (cap_type(cap)) {
+	case CAP_TYPE_TCTRL:
+		printf("Capability type:\t\t%s\n", "Thread Control");
+		break;
+	case CAP_TYPE_EXREGS:
+		printf("Capability type:\t\t%s\n", "Exchange Registers");
+		break;
+	case CAP_TYPE_MAP_PHYSMEM:
+		printf("Capability type:\t\t%s\n", "Map/Physmem");
+		break;
+	case CAP_TYPE_MAP_VIRTMEM:
+		printf("Capability type:\t\t%s\n", "Map/Virtmem");
+		break;
+
+	case CAP_TYPE_IPC:
+		printf("Capability type:\t\t%s\n", "Ipc");
+		break;
+	case CAP_TYPE_UMUTEX:
+		printf("Capability type:\t\t%s\n", "Mutex");
+		break;
+	case CAP_TYPE_QUANTITY:
+		printf("Capability type:\t\t%s\n", "Quantitative");
+		break;
+	default:
+		printf("Capability type:\t\t%s\n", "Unknown");
+		break;
+	}
+
+	switch (cap_rtype(cap)) {
+	case CAP_RTYPE_THREAD:
+		printf("Capability resource type:\t%s\n", "Thread");
+		break;
+	case CAP_RTYPE_TGROUP:
+		printf("Capability resource type:\t%s\n", "Thread Group");
+		break;
+	case CAP_RTYPE_SPACE:
+		printf("Capability resource type:\t%s\n", "Space");
+		break;
+	case CAP_RTYPE_CONTAINER:
+		printf("Capability resource type:\t%s\n", "Container");
+		break;
+	case CAP_RTYPE_THREADPOOL:
+		printf("Capability resource type:\t%s\n", "Thread Pool");
+		break;
+	case CAP_RTYPE_SPACEPOOL:
+		printf("Capability resource type:\t%s\n", "Space Pool");
+		break;
+	case CAP_RTYPE_MUTEXPOOL:
+		printf("Capability resource type:\t%s\n", "Mutex Pool");
+		break;
+	case CAP_RTYPE_MAPPOOL:
+		printf("Capability resource type:\t%s\n", "Map Pool (PMDS)");
+		break;
+	case CAP_RTYPE_CPUPOOL:
+		printf("Capability resource type:\t%s\n", "Cpu Pool");
+		break;
+	case CAP_RTYPE_CAPPOOL:
+		printf("Capability resource type:\t%s\n", "Capability Pool");
+		break;
+	default:
+		printf("Capability resource type:\t%s\n", "Unknown");
+		break;
+	}
+	printf("\n");
+}
+
+int caps_read_all(void)
+{
+	int ncaps;
+	int err;
+
+	/* Read number of capabilities */
+	if ((err = l4_capability_control(CAP_CONTROL_NCAPS,
+					 0, &ncaps)) < 0) {
+		printf("l4_capability_control() reading # of"
+		       " capabilities failed.\n Could not "
+		       "complete CAP_CONTROL_NCAPS request.\n");
+		BUG();
+	}
+
+	/* Read all capabilities */
+	if ((err = l4_capability_control(CAP_CONTROL_READ,
+					 0, cap_array)) < 0) {
+		printf("l4_capability resource_control() reading of "
+		       "capabilities failed.\n Could not "
+		       "complete CAP_CONTROL_READ_CAPS request.\n");
+		BUG();
+	}
+
+	for (int i = 0; i < ncaps; i++)
+		cap_print(&cap_array[i]);
+
+	return 0;
+}
+

conts/baremetal/baremetal3/src/captest.c

@@ -0,0 +1,147 @@
+#include <thread.h>
+#include <capability.h>
+#include <container.h>
+#include <tests.h>
+#include <l4/api/errno.h>
+#include <l4lib/arch/syslib.h>
+
+int simple_pager_thread(void *arg)
+{
+	int err;
+	int res = *(int *)arg;
+	struct task_ids ids;
+	int testres = 0;
+
+	l4_getid(&ids);
+
+	//printf("Thread spawned from pager, "
+	//       "trying to create new thread.\n");
+	err = l4_thread_control(THREAD_CREATE |
+				TC_SHARE_SPACE |
+				TC_AS_PAGER, &ids);
+
+	if (res == 0)
+		if (err == -ENOCAP ||
+		    err == -ENOMEM) {
+			//printf("Creation failed with %d "
+			//       "as expected.\n", err);
+			testres = 0;
+		} else {
+			printf("Creation was supposed to fail "
+			       "with %d or %d, but err = %d\n",
+			       -ENOMEM, -ENOCAP, err);
+			testres = 1;
+		}
+	else
+		if (err == 0) {
+			// printf("Creation succeeded as expected.\n");
+			testres = 0;
+		} else {
+			printf("Creation was supposed to succeed, "
+			       "but err = %d\n", err);
+			testres = 1;
+		}
+
+	/* Destroy thread we created */
+	if (err == 0 &&
+	    res == 0)
+		l4_thread_control(THREAD_DESTROY, &ids);
+
+	/* Destroy self */
+	l4_exit(testres);
+
+	return 0;
+}
+
+int wait_check_test(struct task_ids *ids)
+{
+	int result;
+
+	/* Wait for thread to finish */
+	//result = l4_thread_control(THREAD_WAIT, ids);
+	if (result < 0) {
+		printf("Waiting on (%d)'s exit failed.\n", ids->tid);
+		return -1;
+	} else if (result > 0) {
+		printf("Top-level test has failed\n");
+	}
+	/* Else it is a success */
+	return 0;
+}
+
+int capability_test(void)
+{
+	int err;
+	struct task_ids ids;
+	int TEST_MUST_FAIL = 0;
+	int TEST_MUST_SUCCEED = 1;
+
+	/* Read pager capabilities */
+	caps_read_all();
+
+	/*
+	 * Create new thread that will attempt
+	 * a pager privileged operation
+	 */
+	if ((err = thread_create(simple_pager_thread,
+				 &TEST_MUST_FAIL,
+				 TC_SHARE_SPACE, &ids)) < 0) {
+		printf("Top-level simple_pager creation failed.\n");
+		goto out_err;
+	}
+
+	/* Wait for test to finish and check result */
+	if (wait_check_test(&ids) < 0)
+		goto out_err;
+
+#if 0
+	/* Destroy test thread */
+	if ((err = l4_thread_control(THREAD_DESTROY, &ids)) < 0) {
+		printf("Destruction of top-level simple_pager failed.\n");
+		BUG();
+	}
+#endif
+
+	/*
+	 * Share operations with the same thread
+	 * group
+	 */
+	if ((err = l4_capability_control(CAP_CONTROL_SHARE,
+					 CAP_SHARE_CONTAINER, 0)) < 0) {
+		printf("Sharing capability with thread group failed.\n");
+		goto out_err;
+	}
+
+	/*
+	 * Create new thread that will attempt a pager privileged
+	 * operation. This should succeed as we shared caps with
+	 * the thread group.
+	 */
+	if ((err = thread_create(simple_pager_thread,
+				 &TEST_MUST_SUCCEED,
+				 TC_SHARE_SPACE |
+				 TC_SHARE_GROUP, &ids)) < 0) {
+		printf("Top-level simple_pager creation failed.\n");
+		goto out_err;
+	}
+
+	/* Wait for test to finish and check result */
+	if (wait_check_test(&ids) < 0)
+		goto out_err;
+
+#if 0
+	/* Destroy test thread */
+	if ((err = l4_thread_control(THREAD_DESTROY, &ids)) < 0) {
+		printf("Destruction of top-level simple_pager failed.\n");
+		BUG();
+	}
+#endif
+
+	printf("Capability Sharing Test		-- PASSED --\n");
+
+	return 0;
+
+out_err:
+	printf("Capability Sharing Test		-- FAILED --\n");
+	return 0;
+}

conts/baremetal/baremetal3/src/example.c

@@ -0,0 +1,220 @@
+
+#if 0
+
+int mutex_user_thread(void *arg)
+{
+	/* TODO: Create and access a mutex */
+}
+
+int independent_thread(void *arg)
+{
+	/* TODO: Do whatever syscall available */
+}
+
+
+/*
+ * This example demonstrates how the capability-based
+ * security model can be bypassed and taken out of the
+ * way for the sake of implementing an application that
+ * doesn't worry too much about security.
+ *
+ * The benefit is that the user does neither worry about
+ * capabilities nor using its api to design correctly
+ * secure systems. The downside is that the system is
+ * less security-enforced, i.e. all parties must be
+ * trusted.
+ */
+int multi_threaded_nocaps_example(void)
+{
+	/*
+	 * We are the first pager with capabilities to
+	 * create new tasks, spaces, in its own container.
+	 */
+	pager_read_caps();
+
+	/*
+	 * We have all our capabilities private to us.
+	 *
+	 * If we create a new task, it won't be able to
+	 * any kernel operations that we can do, because
+	 * we hold our capabilities privately.
+	 *
+	 * In order to settle all capability access issues
+	 * once and for all threads we will create and manage,
+	 * we share our capabilities with the most global
+	 * collection possible.
+	 */
+
+	/*
+	 * Share all of our capabilities with all threads
+	 * in the same container.
+	 *
+	 * From this point onwards, any thread we create and
+	 * manage (i.e. whose container id is equal to our
+	 * container id) will have the ability to leverage
+	 * all of our capabilities as defined for us at
+	 * configuration time.
+	 */
+	l4_cap_share(0, CAP_SHARE_CONTAINER | CAP_SHARE_ALL, self_tid());
+
+
+	/*
+	 * Lets try it.
+	 *
+	 * Create new thread that we don't have any hieararchical
+	 * relationship, i.e. one that is a pager of itself, one
+	 * that runs in a new address space, and in a new thread
+	 * group. All we share is the container.
+	 */
+	if ((err = thread_create(independent_thread, 0,
+				 TC_NO_SHARING, &ids)) < 0) {
+		printf("mutex_user_thread creation failed.\n");
+		goto out_err;
+	}
+
+	/*
+	 * We can inspect the new thread by doing an ipc to it.
+	 * NOTE:
+	 *
+	 * We are able to send to this thread from the start,
+	 * as we had a container-wide ipc capability defined at
+	 * config-time.
+	 *
+	 * But we would not be able to receive from it, if we
+	 * did not share this capability with the container. It
+	 * would have no rights to do a send to us. But because
+	 * we're in the same container, and we shared our
+	 * capability, it now can.
+	 */
+	if ((err = l4_recv(ids->tid, ids->tid, 0)) < 0) {
+		print_err("%s: L4 IPC Error: %d.\n", __FUNCTION__, fd);
+		goto out_err;
+	}
+
+	/*
+	 * From this point onwards we can create more threads
+	 * without worrying about whether they have the caps
+	 * to do certain ops, and the caps api. because we shared
+	 * them all at the beginning.
+	 */
+
+out_err:
+	BUG();
+}
+
+/*
+ * This example demonstrates how a pager would
+ * share part of its capabilities on the system
+ * with its children.
+ *
+ * The example includes sharing of a mutex
+ * capability with a paged-child.
+ */
+int multi_threaded_capability_sharing_example(void)
+{
+	struct capability *mutex_cap;
+	int thread_retval;
+
+	/*
+	 * We are the first pager with capabilities to
+	 * create new tasks, spaces, in its own container.
+	 */
+	pager_read_caps();
+
+	/*
+	 * We have all our capabilities private to us.
+	 *
+	 * If we create a new task, it won't be able to
+	 * create and use userspace mutexes, because we
+	 * hold mutex capabilities privately.
+	 *
+	 * Lets try it.
+	 */
+
+	/*
+	 * Create new thread that will attempt
+	 * a mutex operation, and die on us with a
+	 * negative return code if it fails.
+	 */
+	if ((err = thread_create(mutex_user_thread, 0,
+				 TC_SHARE_SPACE |
+				 TC_AS_PAGER, &ids)) < 0) {
+		printf("mutex_user_thread creation failed.\n");
+		goto out_err;
+	}
+
+	/* Check on how the thread has done */
+	if ((err = l4_thread_wait_on(ids, &thread_retval)) < 0) {
+		print("Waiting on thread %d failed. err = %d\n",
+		      ids->tid, err);
+		goto out_err;
+	}
+
+	if (thread_retval == 0) {
+		printf("Thread %d returned with success, where "
+		       "we expected failure.\n", ids->tid);
+		goto out_err;
+	}
+
+	/*
+	 * Therefore, we share our capabilities with a
+	 * collection so that our capabilities may be also
+	 * used by them.
+	 */
+
+	/* Get our private mutex cap */
+	mutex_cap = cap_get(CAP_TYPE_MUTEX);
+
+	/* We have ability to create and use this many mutexes */
+	printf("%s: We have ability to create/use %d mutexes\n",
+	       self_tid(), mutex_cap->size);
+
+	/* Split it */
+	cap_new = cap_split(mutex_cap, 10, CAP_SPLIT_SIZE);
+
+	/*
+	 * Share the split part with paged-children.
+	 *
+	 * From this point onwards, any thread we create and
+	 * manage (i.e. whose pagerid == self_tid()) will have
+	 * the ability to use mutexes, as defined by cap_new
+	 * we created.
+	 */
+	l4_cap_share(cap_new, CAP_SHARE_PGGROUP, self_tid());
+
+	/*
+	 * Create new thread that will attempt
+	 * a mutex operation, and die on us with a
+	 * negative return code if it fails.
+	 */
+	if ((err = thread_create(mutex_user_thread, 0,
+				 TC_SHARE_SPACE |
+				 TC_AS_PAGER, &ids)) < 0) {
+		printf("mutex_user_thread creation failed.\n");
+		goto out_err;
+	}
+
+	/* Check on how the thread has done */
+	if ((err = l4_thread_wait_on(ids, &thread_retval)) < 0) {
+		printf("Waiting on thread %d failed. err = %d\n",
+		      ids->tid, err);
+		goto out_err;
+	}
+
+	if (thread_retval < 0) {
+		printf("Thread %d returned with failure, where "
+		       "we expected success.\n", ids->tid);
+		goto out_err;
+	}
+
+out_err:
+	BUG();
+}
+
+
+
+
+
+
+#endif
+

conts/baremetal/baremetal3/src/thread.c

@@ -0,0 +1,73 @@
+/*
+ * Thread creation userspace helpers
+ *
+ * Copyright (C) 2009 B Labs Ltd.
+ */
+#include <thread.h>
+#include <l4/api/errno.h>
+
+char stack[THREADS_TOTAL][STACK_SIZE] ALIGN(8);
+char *__stack_ptr = &stack[1][0];
+
+char utcb[THREADS_TOTAL][UTCB_SIZE] ALIGN(8);
+char *__utcb_ptr = &utcb[1][0];
+
+extern void setup_new_thread(void);
+
+int thread_create(int (*func)(void *), void *args, unsigned int flags,
+		  struct task_ids *new_ids)
+{
+	struct task_ids ids;
+	struct exregs_data exregs;
+	int err;
+
+	l4_getid(&ids);
+
+	/* Shared space only */
+	if (!(TC_SHARE_SPACE & flags)) {
+		printf("%s: This function allows only "
+		       "shared space thread creation.\n",
+		       __FUNCTION__);
+		return -EINVAL;
+	}
+
+	/* Create thread */
+	if ((err = l4_thread_control(THREAD_CREATE | flags, &ids)) < 0)
+		return err;
+
+	/* Check if more stack/utcb available */
+	if ((unsigned long)__utcb_ptr ==
+	    (unsigned long)&utcb[THREADS_TOTAL][0])
+		return -ENOMEM;
+	if ((unsigned long)__stack_ptr ==
+	    (unsigned long)&stack[THREADS_TOTAL][0])
+		return -ENOMEM;
+
+	/* First word of new stack is arg */
+	((unsigned long *)__stack_ptr)[-1] = (unsigned long)args;
+
+	/* Second word of new stack is function address */
+	((unsigned long *)__stack_ptr)[-2] = (unsigned long)func;
+
+	/* Setup new thread pc, sp, utcb */
+	memset(&exregs, 0, sizeof(exregs));
+	exregs_set_stack(&exregs, (unsigned long)__stack_ptr);
+	exregs_set_utcb(&exregs, (unsigned long)__utcb_ptr);
+	exregs_set_pc(&exregs, (unsigned long)setup_new_thread);
+
+	if ((err = l4_exchange_registers(&exregs, ids.tid)) < 0)
+		return err;
+
+	/* Update utcb, stack pointers */
+	__stack_ptr += STACK_SIZE;
+	__utcb_ptr += UTCB_SIZE;
+
+	/* Start the new thread */
+	if ((err = l4_thread_control(THREAD_RUN, &ids)) < 0)
+		return err;
+
+	memcpy(new_ids, &ids, sizeof(ids));
+
+	return 0;
+}
+