1. 11 Jan, 2016 3 commits
    • cnode-metadata: Adds metadata field to capability/cnode/slot. · 468c4b15
      Charlie Jacobsen authored
      Motivation: The libcap user may want to associate some contextual
      information for each capability (rather than with the object). For
      example, the LCD microkernel uses metadata to track whether a page
      referred to by a page capability has been mapped and where.
      This metadata field *is not* carried over to child capabilities
      during grant, and is NULL'd out when a capability is deleted from
      a cspace (so when the slot is used again, the field starts out as
      Internals note: The cnode will start out with NULL metadata as well
      when it is first used because we do a zalloc to create cnode tables.
    • static-cptr-cache: Adds lock to cptr cache, fixes race conditions in tests. · 8c39cffc
      Charlie Jacobsen authored
      All looks OK now.
      Few other misc things:
         - config.h header goes with install
         - Some debug code in cap.c.
         - Wasn't handling return value of make cnode table in cap.c.
      For now, until we (possibly) move stuff around, I'm including the
      internal header in the public header so that I have access to
      the cap mutex type. I'm considering re-working things so that this
      won't be necessary in the future. Temporary hack for now.
    • static-cptr-cache: Updates cptr and cspace code for new cache, and tests. · fc4c8ed8
      Charlie Jacobsen authored
      I'm seeing what appears to be race conditions in the tests, so
      we're not out of the woods yet. I think I just need to introduce
      a lock for the cptr cache. It wasn't originally designed to be
      thread safe since only one thread at a time was using it. But we
      need it now.
      There are a few other miscellaneous changes:
        - Moves cptr manipulation into public header. Doc cleanup.
        - cptr_init returns an integer now (non-zero signals failure).
        - Adds CAP_BUG macro. Library code invokes this to abort or signal
          a serious internal library error (e.g., unexpected switch case).
                    kernel:   CAP_BUG ==> BUG
                    user:     CAP_BUG ==> abort
        - Aside from the cptr cache code updates for the modified struct,
          separates cptr cache initialization into two parts: alloc and init.
          Motivation: Some users of libcap will have already allocated the
          cptr cache (e.g., declared it as a static global), and only need
          it initialized. So, to fully initialize a cptr cache, you now need
          to do, e.g.,
                      int ret;
                      cptr_cache *cache;
                      ret = cptr_cache_alloc(&cache);
                      if (ret)
                            ... handle error ...
                      ret = cptr_cache_init(cache);
                      if (ret) {
                            ... handle error ...
                      }
        - Updates test apps to use new cptr cache API (alloc then init). Adds
          some extra error handling/clean up code.
  2. 10 Jan, 2016 1 commit
    • static-cptr-cache: Changes cptr cache defs to use statically alloc'd bmaps. · 48ee0d11
      Charlie Jacobsen authored
      That is, the bitmaps are now arrays inside the cptr cache, rather
      than pointers. We need this for LCDs because the cptr cache needs
      to be up and running before we even initialize the page allocator
      and malloc.
      I need to tweak the code slightly next.
      Note: I considered using a packed struct for cptr's, with char
      fields. But I realized the allocation algorithm would become a little
      less efficient, due to extra required calculations. The advantage of
      the current algorithm is that, because the cnode table size is
      a power of 2 *and* the bits are packed (they would no longer be
      packed if we used chars, unless the cnode table size was 512), translating
      a bitmap index to a path in the cspace radix tree is really simple.
      If we switched to a struct with char's, such as:
          struct cptr {
             char level;
             char path[CAP_CSPACE_DEPTH];
             char slot;
          };
      we would need to do a handful of bit shifts and masks to set up
      these fields properly. (For the current algorithm, there's just
      one bitwise OR to set the level bits.)
      I also realized the bit-level ops we currently use are not that
      bad/obscure. We just sacrifice a slight amount of clarity.
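The trade-off described in the commit message above, as an added example that is not libcap code: with power-of-two tables and packed bits, a bitmap index already is the radix-tree path, so building a cptr takes one OR, while the char-based struct needs a shift and mask per field. The constants `TBL_BITS` and `DEPTH`, the bit layout, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration only; not libcap's real constants. */
#define TBL_BITS    6u                     /* 64 slots per cnode table */
#define DEPTH       4u                     /* levels in the cspace radix tree */
#define SLOT_MASK   ((1u << TBL_BITS) - 1u)
#define LEVEL_SHIFT (TBL_BITS * DEPTH)     /* level bits sit above the path bits */

struct cptr_chars {                        /* the char-based alternative */
    unsigned char level;
    unsigned char path[DEPTH - 1];
    unsigned char slot;
};

/* Packed form: the bitmap index is the path, so one OR sets the level. */
static uint32_t cptr_pack(uint32_t bmap_idx, uint32_t level)
{
    return bmap_idx | (level << LEVEL_SHIFT);
}

static uint32_t cptr_level(uint32_t cptr) { return cptr >> LEVEL_SHIFT; }

/* Slot index used at tree depth d (0 = root table, level = final slot). */
static uint32_t cptr_slot_at(uint32_t cptr, uint32_t d)
{
    return (cptr >> (TBL_BITS * (cptr_level(cptr) - d))) & SLOT_MASK;
}

/* Char form: every field needs its own shift and mask. */
static struct cptr_chars cptr_split(uint32_t bmap_idx, uint32_t level)
{
    struct cptr_chars c = { .level = (unsigned char)level };

    c.slot = (unsigned char)(bmap_idx & SLOT_MASK);
    for (uint32_t i = 0; i < level; i++)   /* path[0] is the root table's slot */
        c.path[i] = (unsigned char)((bmap_idx >> (TBL_BITS * (level - i))) & SLOT_MASK);
    return c;
}

int main(void)
{
    /* Constructed sample: level 2, root slot 5, then slot 17, final slot 42. */
    uint32_t idx = (5u << 12) | (17u << 6) | 42u;
    uint32_t p = cptr_pack(idx, 2u);
    struct cptr_chars c = cptr_split(idx, 2u);

    printf("packed=0x%08x walk=%u/%u/%u\n", (unsigned)p, (unsigned)cptr_slot_at(p, 0),
           (unsigned)cptr_slot_at(p, 1), (unsigned)cptr_slot_at(p, 2));
    printf("chars: level=%u path=%u,%u slot=%u\n", c.level, c.path[0], c.path[1], c.slot);
    return 0;
}
```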
  3. 09 Jan, 2016 2 commits
    • Adds free to kernel version. · 96adabf2
      Charlie Jacobsen authored
      free => kfree.
    • Fixes two minor memory leaks. · 8c5a1b80
      Charlie Jacobsen authored
      1 - Need to free name strings in cap types when we
          do cap_fini.
      I decided to run valgrind to check for any others.
      2 - Need to free fake slab cache for user version.
      There are a handful of innocuous leaks in the
      multi_thrd_cap test app. There are also some innocuous
      leaks reported due to glib's use of memory pooling (it appears).
  4. 18 Dec, 2015 1 commit
  5. 23 Nov, 2015 1 commit
  6. 20 Nov, 2015 1 commit
  7. 17 Nov, 2015 8 commits
  8. 16 Nov, 2015 2 commits
    • Adds a reference from a cnode to its cptr · 83e8ef65
      Josh Kunz authored
              Rationale: When the `revoke` handler is called for a particular
              cspace, cnode, and object, the cptr associated with that cnode
              needs to be free'd so it can be re-used by other objects (given
              there are a relatively small number of cptrs in a cspace).
              We can discover the cptr_cache associated with a cspace by
              looking at the `cspace->owner` field (which we point at our
              cache), but we can't figure out from the cnode alone which
              pointer in that cache points to the given cnode. This
              information is known when the cnode is created, so I added a
              field to the cnode that contains this information.
    • Adds extra documentation to libcap.h · d36af6bc
      Josh Kunz authored
  9. 11 Nov, 2015 1 commit
    • Add hook to lookup/verify cnode in cspace · c6d4015f
      Pankaj Kumar authored
      1. Added a function cap_cnode_verify for cnodes lookup in cspace.
         Earlier cap_cnode_get was called to verify the cnode. It imposed
         extra restrictions on the user of libcap to release cnode lock.
         Now, cap_cnode_verify will itself take care of cnode lock.
      2. Updated testcases to use cap_cnode_verify.
      Signed-off-by: Pankaj Kumar <pankajk@cs.utah.edu>
  10. 04 Nov, 2015 1 commit
  11. 03 Nov, 2015 1 commit
    • Refactor libcap to allow both user lib and kernel module builds. · ab9ac0a0
      David Johnson authored
      Mostly, I kept the existing source skeletons in cap.c and
      cptr_cache.c (they've just moved to src/common), but all the
      user/kernel include differences are nicely factored out.  You
      might think my organization is a bit schizophrenic (a flattened
      include/ dir, and a hierarchical src/ dir), but I do that because
      I don't particularly care for libraries that install headers in
      $PREFIX/include/libfoo/{subdir1,subdir2,...}.  The idea with the
      src/ dir is that common cap/cptr logic goes in src/common, and
      any "platform" specialization (user lib vs kernel mod) goes in
      src/user or src/kernel .  The libcap.h and libcap_internal.h
      headers define some common types, macros, and functions, and expect
      the platform headers and source files to specialize them.
      I added a very basic notion of capability object types and tied it
      to revocation and deletion in the same way the original library did.
      For userspace, since I didn't have atomic ops, I just did basically
      what the kernel does, a cache-aware spinlock thing, but used pthread
      spinlocks (what does that even mean) in hopes they could do something
      smart internally.  Silly me, glib actually has atomic ops.  Anyway, I
      had to do that to restore atomic bit ops to userspace.
      Obviously, I got rid of all the LCD-specific stuff.
      Most of the build happens via automake, but you'll notice the
      src/kernel/Makefile.in .  That's not a checkin mistake; the kernel
      build makefiles don't play nicely with autofoo.  That Makefile just
      calls into the kernel module build process in the normal way.  Of
      course, we have to do some autofoo to arrange the sources and the
      Makefile to be in the same dir... stinky.  See src/kernel/Makefile.in .
      For now, we haven't committed the generated .in files; use
      autogen.sh as described in INSTALL.  That will probably change
      down the road.
      I mostly left the examples unchanged, although I added some locking
      to the multithread example and abstracted out its thread operations
      so you're not locked into 20k threads; it scales.  I also tried to
      make the grant/revoke operations wait until the slots had been
      constructed.  This extra locking and care has the effect of
      reducing the parallelism, I suppose, but not enough to detract from
      the test, I think.  We'll see.
  12. 30 Oct, 2015 1 commit
  13. 28 Oct, 2015 1 commit
  14. 14 Oct, 2015 1 commit
  15. 30 Sep, 2015 2 commits
  16. 11 Sep, 2015 1 commit