Capability replicate/deduce/share tested with mm0.

2026-02-27 09:13:13 +01:00 · 2009-11-07 23:45:57 +02:00
parent e8f002f879
commit b136b79a2d
5 changed files with 94 additions and 39 deletions
--- a/conts/posix/mm0/include/capability.h
+++ b/conts/posix/mm0/include/capability.h
@@ -35,6 +35,48 @@ struct capability {
 };
 static inline void cap_list_init(struct cap_list *clist)
 {
 	clist->ncaps = 0;
 	link_init(&clist->caps);
 }
 static inline void cap_list_insert(struct capability *cap,
 				   struct cap_list *clist)
 {
 	list_insert(&cap->list, &clist->caps);
 	clist->ncaps++;
 }
 /* Detach a whole list of capabilities from list head */
 static inline struct capability *
 cap_list_detach(struct cap_list *clist)
 {
 	struct link *list = list_detach(&clist->caps);
 	clist->ncaps = 0;
 	return link_to_struct(list, struct capability, list);
 }
 /* Attach a whole list of capabilities to list head */
 static inline void cap_list_attach(struct capability *cap,
 				   struct cap_list *clist)
 {
 	/* Attach as if cap is the list and clist is the element */
 	list_insert(&clist->caps, &cap->list);
 	/* Count the number of caps attached */
 	list_foreach_struct(cap, &clist->caps, list)
 		clist->ncaps++;
 }
 static inline void cap_list_move(struct cap_list *to,
 				 struct cap_list *from)
 {
 	struct capability *cap_head = cap_list_detach(from);
 	cap_list_attach(cap_head, to);
 }
 extern struct cap_list capability_list;
 struct initdata;
--- a/conts/posix/mm0/mm/init.c
+++ b/conts/posix/mm0/mm/init.c
@@ -163,7 +163,9 @@ void copy_boot_capabilities(int ncaps)
 {
 	struct capability *cap;
 	capability_list.ncaps = 0;
 	link_init(&capability_list.caps);
 	for (int i = 0; i < total_caps; i++) {
 		cap = kzalloc(sizeof(struct capability));
@@ -174,9 +176,8 @@ void copy_boot_capabilities(int ncaps)
 		link_init(&cap->list);
 		/* Add capability to global cap list */
-		list_insert(&cap->list, &capability_list.caps);
+		cap_list_insert(cap, &capability_list);
 	}
 	capability_list.ncaps = ncaps;
 }
 #if 0
@@ -305,8 +306,13 @@ void cap_print(struct capability *cap)
 void cap_list_print(struct cap_list *cap_list)
 {
 	struct capability *cap;
 	printf("Capabilities\n"
 	       "~~~~~~~~~~~~\n");
 	list_foreach_struct(cap, &cap_list->caps, list)
 		cap_print(cap);
 	printf("\n");
 }
 /*
 * Replicate, deduce and grant to children the capability to
@@ -320,18 +326,18 @@ void cap_list_print(struct cap_list *cap_list)
 * into a capability to only talk to our current space. Our space is a
 * reduced target, since it is a subset contained in our container.
 */
-int setup_children_caps(int total_caps, struct cap_list *capability_list)
+int setup_children_caps(int total_caps, struct cap_list *cap_list)
 {
-	struct capability ipc_cap, *cap;
+	struct capability *ipc_cap, *cap;
 	struct task_ids ids;
 	int err;
 	l4_getid(&ids);
-	cap_list_print(capability_list);
+	cap_list_print(cap_list);
 	/* Find out our own ipc capability on our own container */
-	list_foreach_struct(cap, &capability_list->caps, list) {
+	list_foreach_struct(cap, &cap_list->caps, list) {
 		if (cap_type(cap) == CAP_TYPE_IPC &&
 		    cap_rtype(cap) == CAP_RTYPE_CONTAINER &&
 		    cap->resid == __cid(ids.tid))
@@ -343,20 +349,25 @@ int setup_children_caps(int total_caps, struct cap_list *capability_list)
 	BUG();
 found:
 	/* Create a new capability */
 	BUG_ON(!(ipc_cap = kzalloc(sizeof(*ipc_cap))));
 	/* Copy it over to new ipc cap buffer */
-	memcpy(&ipc_cap, cap, sizeof (*cap));
+	memcpy(ipc_cap, cap, sizeof (*cap));
 	/* Replicate the ipc capability, giving original as reference */
 	if ((err = l4_capability_control(CAP_CONTROL_REPLICATE,
-					 0, 0, 0, &ipc_cap)) < 0) {
+					 0, 0, 0, ipc_cap)) < 0) {
 		printf("l4_capability_control() replication of "
 		       "ipc capability failed.\n Could not "
 		       "complete CAP_CONTROL_REPLICATE request on cap (%d), "
-		       "err = %d.\n", ipc_cap.capid, err);
+		       "err = %d.\n", ipc_cap->capid, err);
 		BUG();
 	}
-	cap_list_print(capability_list);
+	/* Add it to list */
 	cap_list_insert(ipc_cap, cap_list);
 	cap_list_print(cap_list);
 	/*
 	 * The returned capability is a replica.
@@ -364,18 +375,18 @@ found:
 	 * Now deduce it such that it applies to talking only to us,
 	 * instead of to the whole container as original.
 	 */
-	cap_set_rtype(&ipc_cap, CAP_RTYPE_SPACE);
+	cap_set_rtype(ipc_cap, CAP_RTYPE_SPACE);
-	ipc_cap.resid = __cid(ids.spid); /* This space is target resource */
+	ipc_cap->resid = ids.spid; /* This space is target resource */
 	if ((err = l4_capability_control(CAP_CONTROL_DEDUCE,
-					 0, 0, 0, &ipc_cap)) < 0) {
+					 0, 0, 0, ipc_cap)) < 0) {
 		printf("l4_capability_control() deduction of "
 		       "ipc capability failed.\n Could not "
 		       "complete CAP_CONTROL_DEDUCE request on cap (%d), "
-		       "err = %d.\n", ipc_cap.capid, err);
+		       "err = %d.\n", ipc_cap->capid, err);
 		BUG();
 	}
-	cap_list_print(capability_list);
+	cap_list_print(cap_list);
 	/*
 	 * Share it with our container.
@@ -384,13 +395,14 @@ found:
 	 * to communicate to us only, and be able to do nothing else.
 	 */
 	if ((err = l4_capability_control(CAP_CONTROL_SHARE, CAP_SHARE_SINGLE,
-					 ipc_cap.capid, 0, 0)) < 0) {
+					 ipc_cap->capid, 0, 0)) < 0) {
 		printf("l4_capability_control() sharing of "
 		       "capabilities failed.\n Could not "
 		       "complete CAP_CONTROL_SHARE request.\n");
 		BUG();
 	}
-	cap_list_print(capability_list);
+	cap_list_print(cap_list);
 	return 0;
 }
--- a/include/l4/generic/cap-types.h
+++ b/include/l4/generic/cap-types.h
@@ -37,7 +37,7 @@
 #define cap_rtype(c)	((c)->type & CAP_RTYPE_MASK)
 #define cap_set_rtype(c, rtype)			\
-	{(c)->type &= CAP_RTYPE_MASK;		\
+	{(c)->type &= ~CAP_RTYPE_MASK;		\
 	 (c)->type |= CAP_RTYPE_MASK & rtype;}
 /*
--- a/src/api/cap.c
+++ b/src/api/cap.c
@@ -306,13 +306,13 @@ int cap_deduce(struct capability *new)
 * orig = orig - diff;
 * new = diff;
 */
-int cap_split(l4id_t capid, struct capability *diff)
+int cap_split(struct capability *diff)
 {
 	struct capability *orig, *new;
 	/* Find original capability */
-	if (!(orig = cap_find_byid(capid)))
+	if (!(orig = cap_find_byid(diff->capid)))
-		return -ENOCAP;
+		return -EEXIST;
 	/* Check target type/resid/owner is the same */
 	if (orig->type != diff->type ||
@@ -421,12 +421,13 @@ int cap_split(l4id_t capid, struct capability *diff)
 * system, but as it is not a quantity, this does not increase
 * the capabilities of the caller in any way.
 */
-int cap_replicate(l4id_t capid, struct capability *dupl)
+int cap_replicate(struct capability *dupl)
 {
 	struct capability *new, *orig;
 	/* Find original capability */
-	orig = cap_find_byid(capid);
+	if (!(orig = cap_find_byid(dupl->capid)))
 		return -EEXIST;
 	/* Check that caller is owner */
 	if (orig->owner != current->tid)
@@ -450,21 +451,21 @@ int cap_replicate(l4id_t capid, struct capability *dupl)
 		return -ENOCAP;
 	/* Copy all except capid & listptrs */
-	new->resid = orig->resid;
+	dupl->resid = new->resid = orig->resid;
-	new->owner = orig->owner;
+	dupl->owner = new->owner = orig->owner;
-	new->type = orig->type;
+	dupl->type = new->type = orig->type;
-	new->access = orig->access;
+	dupl->access = new->access = orig->access;
-	new->start = orig->start;
+	dupl->start = new->start = orig->start;
-	new->end = orig->end;
+	dupl->end = new->end = orig->end;
-	new->size = orig->size;
+	dupl->size = new->size = orig->size;
-	new->used = orig->used;
+	dupl->used = new->used = orig->used;
 	/* Copy new fields */
 	dupl->capid = new->capid;
 	/* Add it to most private list */
 	cap_list_insert(new, TASK_CAP_LIST(current));
 	/* Return new capability to user */
 	memcpy(dupl, new, sizeof(*new));
 	return 0;
 }
@@ -474,7 +475,7 @@ int cap_replicate(l4id_t capid, struct capability *dupl)
 int sys_capability_control(unsigned int req, unsigned int flags,
 			   l4id_t capid, l4id_t target, void *userbuf)
 {
-	int err;
+	int err = 0;
 	/*
 	 * Check capability to do a capability operation.
@@ -509,7 +510,7 @@ int sys_capability_control(unsigned int req, unsigned int flags,
 		err = cap_grant(flags, capid, target);
 		break;
 	case CAP_CONTROL_SPLIT:
-		err = cap_split(capid, (struct capability *)userbuf);
+		err = cap_split((struct capability *)userbuf);
 		break;
 	case CAP_CONTROL_REPLICATE:
 		if ((err = check_access((unsigned long)userbuf,
@@ -517,7 +518,7 @@ int sys_capability_control(unsigned int req, unsigned int flags,
 					MAP_USR_RW_FLAGS, 1)) < 0)
 			return err;
-		err = cap_replicate(capid, (struct capability *)userbuf);
+		err = cap_replicate((struct capability *)userbuf);
 		break;
 	case CAP_CONTROL_DEDUCE:
 		if ((err = check_access((unsigned long)userbuf,
@@ -527,12 +528,11 @@ int sys_capability_control(unsigned int req, unsigned int flags,
 		err = cap_deduce((struct capability *)userbuf);
 		break;
 	default:
 		/* Invalid request id */
 		return -EINVAL;
 	}
-	return 0;
+	return err;
 }
--- a/src/api/ipc.c
+++ b/src/api/ipc.c
@@ -537,6 +537,7 @@ int sys_ipc(l4id_t to, l4id_t from, unsigned int flags)
 {
 	unsigned int ipc_type = 0;
 	int ret = 0;
 	struct ktcb *t = current; if (!t);
 	/* Check arguments */
 	if (task_id_special(from) &&