1. 11 May, 2017 2 commits
    • Josh Kunz's avatar
      Makes rp0s part of the node's secret c-space explicitly · 19b3c971
      Josh Kunz authored
      Previously, the cn_node_new would put the rp0 in the node's
      actual c-space, and the reset operation would put it in the node's
      secret c-space. Which meant that if the rp0 was fetched *after* the node
      was reset, it wouldn't function properly (since the capability would not
      be valid in the node's real principal).
      This commit fixes the implementation of rp0 to always put the rp0 in
      the secret c-space. This is probably a good idea to ensure that CapNet
      can always safely revoke the rp0 when the node is reset, but I believe
      the previous implementation was still safe. So now, when the node calls
      the `rp0` rpc, the node is explicitly granted its own rp0 from its secret
      This commit also fixes an improper-free bug after a principal is
      cleared. When the principal is cleared its refcount would be set to zero
      (due to a cal to _obj_init) instead of keeping the same refcount it had
      before the clear operation.
    • Josh Kunz's avatar
      Adds refcount debugging code · e8fae19e
      Josh Kunz authored
      By setting the hold debugging flags to true or false you can
      get logging information each time a lock is held or released.
  2. 02 Dec, 2016 3 commits
  3. 18 Oct, 2016 1 commit
  4. 13 Oct, 2016 4 commits
  5. 27 Sep, 2016 2 commits
  6. 20 Sep, 2016 2 commits
    • Josh Kunz's avatar
      Make cn_annotation_string a little more resilient · c2c2a0c9
      Josh Kunz authored
      Specifically it checks to ensure that the "declassifier" is not a
      special static declassifier before trying to dereference it.
    • Josh Kunz's avatar
      Don't update the `prev_owner` when granting sealer/unsealers · 4b3be262
      Josh Kunz authored
      `membrane_grant_single` would skip the grant if someone tried to grant
      a sealer unsealer (since sealer/unsealers are not supposed to ever be
      wrapped). However, `cn_membrane_grant` would still update the previous
      owner to be the membrane's secret cspace despite the fact that the grant
      never occurred so the sealer/unsealer did not exist in that c-space.
      This commit adds a new error code ESKIPPED that can be returned to
      signal that an operation was skipped, so tracking data structures don't
      necessarily need to be updated.
  7. 15 Sep, 2016 8 commits
  8. 04 Sep, 2016 1 commit
  9. 30 Aug, 2016 1 commit
  10. 23 Jun, 2016 3 commits
    • Josh Kunz's avatar
      Add lookup_wait to broker objects · 1082bc44
      Josh Kunz authored
      That way, we don't need to loop checking if a particular service has
      been registered or not
    • Josh Kunz's avatar
      Implement support for RP channels · 57f0ea56
      Josh Kunz authored
      This is achieved by adding a new "message" field to the rp_elem struct
      that can be set independent of the rp_elem "source". I also added a
      special source called "MESSAGE" that implies there is no cptr contained
      in an elem, only a message.
      I also modified the CPInvokeRPSendArgs in the protocol (and CN_RP_SEND
      stuff in dispatch) to support a cptr, a message or both.
      CN_RP_RECV (both in the dispatch and in obj.c) has been modified to
      support returning message, cptr, or both. This uses that new multi-item
      response stuff added previously to get both the message and cptr to the
      client if they are present. One part that temporarily tripped me up was
      correctly generating a cn_dispatch_result_t for waiting recvs. I fixed
      it by exposing the cn_dispatch_result_item generation stuff in
      dispatch.c to obj.c.
    • Josh Kunz's avatar
  11. 21 Jun, 2016 2 commits
  12. 20 Jun, 2016 1 commit
  13. 16 Jun, 2016 2 commits
  14. 15 Jun, 2016 1 commit
  15. 14 Jun, 2016 3 commits
  16. 13 Jun, 2016 2 commits
  17. 06 Jun, 2016 2 commits