l4_capability_control works well for almost all system calls
using a buffer pointer to the capability that it operates on.
Only for sharing/granting of capability lists, it is yet to be
decided how to provide a grant target id.
Capability checking for thread_control, exregs, mutex, cap_control,
ipc, and map system calls.
The visualised model is implemented in code that compiles, but
actual functionality hasn't been tested.
Need to add:
- Dynamic assignment of initial resources matching with what's
defined in the configuration.
- A paged-thread-group, since that would be a logical group of
seperation from a capability point-of-view.
- Resource ids for various tasks. E.g.
- Memory capabilities don't have target resources.
- Thread capability assumes current container for THREAD_CREATE.
- Mutex syscall assumes current thread (this one may not need
any changing)
- cap_control syscall assumes current thread. It may happen to
be that another thread's capability list is manipulated.
Last but not least:
- A simple and easy-to-use userspace library for dynamic expansion
of resource domains as new resources are created such as threads.
- Compiles and Codezero runs as normal without touching mutex implementation
- Mutex implementation needs testing.
The mutex control syscall allows userspace programs to declare any virtual
address as a mutex lock and ask for help from the kernel syscall
for resolving locking contentions.
sys_timer accumulates timer ticks into seconds, minutes, hours and days.
It's left to the user to calculate from days into a date. It is not yet
known if the calculation is even roughly correct.
Reduced 2 kmem_reclaim/grant calls into one kmem_control call.
