Context Navigation

-              recf3722
+              r2bb8648
 tables.
 .2 Single global page hash table
 …
 There is only one global page hash table in the system shared by all address
 spaces.
+. Memory allocators
 .1 General allocator

generic/include/ddi/ddi.h

recf3722	r2bb8648
36	36	extern __native sys_physmem_map(ddi_memarg_t *uspace_mem_arg);
37	37	extern __native sys_iospace_enable(ddi_ioarg_t *uspace_io_arg);
	38	extern __native sys_preempt_control(int enable);
38	39
39	40	/*

generic/include/security/cap.h

-              recf3722
+              r2bb8648
 #define __CAP_H__
+#include <syscall/sysarg64.h>
 #include <arch/types.h>
 #include <typedefs.h>
 …
 /**
  * CAP_PREEMPT_CONTROL allows its holder to disable interrupts
+ * CAP_PREEMPT_CONTROL allows its holder to disable/enable preemption.
  */
+#define CAP_PREEMPT_CONTROL         (1<<3)
+#define CAP_PREEMPT_CONTROL     (1<<3)
+/**
+ * CAP_IRQ_REG entitles its holder to register IRQ handlers.
+ */
+#define CAP_IRQ_REG             (1<<4)
 typedef __u32 cap_t;
 …
 extern cap_t cap_get(task_t *t);
+extern __native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps);
+extern __native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps);
 #endif

generic/include/syscall/syscall.h

-              recf3722
+              r2bb8648
         SYS_IO = 0,
         SYS_TLS_SET = 1, /* Hardcoded in AMD64,IA32 uspace - psthread.S */
-        SYS_PREEMPT_CONTROL,
         SYS_THREAD_CREATE,
         SYS_THREAD_EXIT,
 …
         SYS_IPC_REGISTER_IRQ,
         SYS_IPC_UNREGISTER_IRQ,
+        SYS_CAP_GRANT,
+        SYS_CAP_REVOKE,
         SYS_MAP_PHYSMEM,
         SYS_IOSPACE_ENABLE,
+        SYS_PREEMPT_CONTROL,
         SYSCALL_END
 } syscall_t;

generic/src/ddi/ddi.c

-              recf3722
+              r2bb8648
         return (__native) ddi_iospace_enable((task_id_t) arg.task_id, (__address) arg.ioaddr, (size_t) arg.size);
+}
+/** Disable or enable preemption.
+ *
+ * @param enable If non-zero, the preemption counter will be decremented, leading to potential
+ *               enabling of preemption. Otherwise the preemption counter will be incremented,
+ *               preventing preemption from occurring.
+ *
+ * @return Zero on success or EPERM if callers capabilities are not sufficient.
+ */
+__native sys_preempt_control(int enable)
+{
+        if (! cap_get(TASK) & CAP_PREEMPT_CONTROL)
+                return EPERM;
+        if (enable)
+                preemption_enable();
+        else
+                preemption_disable();
+        return 0;
+}

generic/src/ipc/sysipc.c

-              recf3722
+              r2bb8648
 #include <print.h>
 #include <syscall/copy.h>
+#include <security/cap.h>
 #define GET_CHECK_PHONE(phone,phoneid,err) { \
 …
 __native sys_ipc_register_irq(__native irq, irq_code_t *ucode)
+{
+        if (!(cap_get(TASK) & CAP_IRQ_REG))
+                return EPERM;
         if (irq >= IRQ_COUNT)
                 return -ELIMIT;
+                return (__native) ELIMIT;
         irq_ipc_bind_arch(irq);
 …
 __native sys_ipc_unregister_irq(__native irq)
+{
+        if (!(cap_get(TASK) & CAP_IRQ_REG))
+                return EPERM;
         if (irq >= IRQ_COUNT)
                 return -ELIMIT;
+                return (__native) ELIMIT;
         ipc_irq_unregister(&TASK->answerbox, irq);

generic/src/main/kinit.c

recf3722	r2bb8648
160	160	* Set capabilities to init userspace tasks.
161	161	*/
162		cap_set(utask, CAP_CAP \| CAP_MEM_MANAGER \| CAP_IO_MANAGER);
	162	cap_set(utask, CAP_CAP \| CAP_MEM_MANAGER \| CAP_IO_MANAGER \| CAP_PREEMPT_CONTROL);
163	163
164	164	if (!ipc_phone_0)

generic/src/mm/tlb.c

-              recf3722
+              r2bb8648
  * @file        tlb.c
  * @brief       Generic TLB shootdown algorithm.
+ *
+ * The algorithm implemented here is based on the CMU TLB shootdown
+ * algorithm and is further simplified (e.g. all CPUs receive all TLB
+ * shootdown messages).
  */

generic/src/security/cap.c

-              recf3722
+              r2bb8648
 #include <proc/task.h>
 #include <synch/spinlock.h>
+#include <syscall/sysarg64.h>
+#include <syscall/copy.h>
 #include <arch.h>
 #include <typedefs.h>
+#include <errno.h>
 /** Set capabilities.
 …
         return caps;
+}
+/** Grant capabilities to a task.
+ *
+ * The calling task must have the CAP_CAP capability.
+ *
+ * @param uspace_taskid_arg Userspace structure holding destination task ID.
+ * @param caps Capabilities to grant.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ */
+__native sys_cap_grant(sysarg64_t *uspace_taskid_arg, cap_t caps)
+{
+        sysarg64_t taskid_arg;
+        task_t *t;
+        ipl_t ipl;
+        int rc;
+        if (!(cap_get(TASK) & CAP_CAP))
+                return (__native) EPERM;
+        rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
+        if (rc != 0)
+                return (__native) rc;
+        ipl = interrupts_disable();
+        spinlock_lock(&tasks_lock);
+        t = task_find_by_id((task_id_t) taskid_arg.value);
+        if (!t) {
+                spinlock_unlock(&tasks_lock);
+                interrupts_restore(ipl);
+                return (__native) ENOENT;
+        }
+        spinlock_unlock(&tasks_lock);
+        cap_set(t, cap_get(t) | caps);
+        interrupts_restore(ipl);
+        return 0;
+}
+/** Revoke capabilities from a task.
+ *
+ * The calling task must have the CAP_CAP capability or the caller must
+ * attempt to revoke capabilities from itself.
+ *
+ * @param uspace_taskid_arg Userspace structure holding destination task ID.
+ * @param caps Capabilities to revoke.
+ *
+ * @return Zero on success or an error code from @ref errno.h.
+ */
+__native sys_cap_revoke(sysarg64_t *uspace_taskid_arg, cap_t caps)
+{
+        sysarg64_t taskid_arg;
+        task_t *t;
+        ipl_t ipl;
+        int rc;
+        rc = copy_from_uspace(&taskid_arg, uspace_taskid_arg, sizeof(sysarg64_t));
+        if (rc != 0)
+                return (__native) rc;
+        ipl = interrupts_disable();
+        spinlock_lock(&tasks_lock);
+        t = task_find_by_id((task_id_t) taskid_arg.value);
+        if (!t) {
+                spinlock_unlock(&tasks_lock);
+                interrupts_restore(ipl);
+                return (__native) ENOENT;
+        }
+        spinlock_unlock(&tasks_lock);
+        /*
+         * Revoking capabilities is different from granting them in that
+         * a task can revoke capabilities from itself even if it
+         * doesn't have CAP_CAP.
+         */
+        if (!(cap_get(TASK) & CAP_CAP) || !(t == TASK)) {
+                interrupts_restore(ipl);
+                return (__native) EPERM;
+        }
+        cap_set(t, cap_get(t) & ~caps);
+        interrupts_restore(ipl);
+        return 0;
+}

generic/src/syscall/syscall.c

-              recf3722
+              r2bb8648
 #include <synch/futex.h>
 #include <ddi/ddi.h>
+#include <security/cap.h>
 #include <syscall/copy.h>
 …
         return count;
+}
-static __native sys_preempt_control(int enable)
+{
-        if (! cap_get(TASK) & CAP_PREEMPT_CONTROL)
-                return EPERM;
-        if (enable)
-                preemption_enable();
-        else
-                preemption_disable();
-        return 0;
+}
 …
         sys_io,
         sys_tls_set,
+        sys_preempt_control,
         /* Thread and task related syscalls. */
         sys_thread_create,
 …
         sys_ipc_unregister_irq,
+        /* Capabilities related syscalls. */
+        sys_cap_grant,
+        sys_cap_revoke,
         /* DDI related syscalls. */
         sys_physmem_map,
+        sys_iospace_enable
+        sys_iospace_enable,
+        sys_preempt_control
 };

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 2bb8648 in mainline

Legend:

Download in other formats: