- 09 Mar, 2017 1 commit
-
-
David Johnson authored
-
- 08 Mar, 2017 1 commit
-
-
David Johnson authored
-
- 13 Oct, 2016 4 commits
-
-
Josh Kunz authored
-
Josh Kunz authored
The old algorithm would ignore 2nd-level children of the revoked node because they were inserted "before" their parent that was getting removed from the list. The new algorithm re-starts the revoke from the last "checkpoint" (node that is guaranteed to be in the output tree) so that we can detect the children of deleted nodes.
-
Josh Kunz authored
Instead of the weird "two-part" move that I was doing, trying to splice both the old CDT root and its children into the new parent's "children" list, I realized that you can just move the old root into the children list, and everything will work out fine.
-
Josh Kunz authored
-
- 22 Sep, 2016 2 commits
-
-
David Johnson authored
-
David Johnson authored
We don't (can't) have runtime L1 cache size detection on aarch64 without help. Of course, line size is always 64 bytes (and that can be found at runtime); but the total L1 dcache size is not discoverable unless the kernel (or something else at EL0) has flipped the ECT bit in the system control register. This could well be why getconf LEVEL1_DCACHE_SIZE fails. In any case, I can't see how it would work. So, abuse the fact that no aarch64 impl has L1 dcache < 32KB and be happy.
-
- 20 Sep, 2016 1 commit
-
-
Josh Kunz authored
-
- 03 Sep, 2016 1 commit
-
-
Josh Kunz authored
In CapNet, predicates need to be able to use runtime information to say whether a cnode is part of a valid traversal or not.
-
- 31 May, 2016 1 commit
-
-
Josh Kunz authored
-
- 09 May, 2016 1 commit
-
-
Josh Kunz authored
-
- 08 May, 2016 2 commits
- 04 May, 2016 1 commit
-
-
Josh Kunz authored
-
- 20 Apr, 2016 2 commits
-
-
Josh Kunz authored
This adds a 'metadata' argument to cap_grant, and cap_insert that allows the caller to set the `metadata` field of a cnode atomically on creation.
-
Josh Kunz authored
Changes the owner getters and setters to follow the (better) convention the metadata getters and setters set. Also adds `revoke_till` as an export symbol.
-
- 18 Apr, 2016 1 commit
-
-
Josh Kunz authored
Revoke allows partial revocation of a CDT, rather than full revocation when a node is deleted.
-
- 11 Apr, 2016 2 commits
- 07 Apr, 2016 1 commit
-
-
Josh Kunz authored
-
- 15 Mar, 2016 4 commits
-
-
Josh Kunz authored
* Moves where cnode->cptr is defined closer to where a cnode is first created. This way, cnodes not created through `cap_insert` still get cptrs.
* When granting, we definitely don't want to copy the src cspace to the dst cspace. Kind of defeats the purpose.
-
Josh Kunz authored
Also adds some default returns to address compiler warnings.
-
Josh Kunz authored
Currently I'm assuming that we want the grant callbacks to actually see the granted cnode. Therefore, we need to roll-back if the grant callback aborts the grant operation. The additional comments about the libcap callbacks just explain their semantics in greater detail.
-
Josh Kunz authored
-
- 01 Mar, 2016 1 commit
-
-
Charlie Jacobsen authored
Unlike other kernel functions, mutex_trylock returns 1 on success and 0 on error. The double negations were inverting the interpretation of the result. (It still worked because on the first attempt, we interpreted as a failure and tried again; on the second attempt, it was really a failure to take the lock but we interpreted as a success.)
-
- 27 Jan, 2016 2 commits
-
-
Josh Kunz authored
-
Josh Kunz authored
This commit does three main things:
1. Full CDT reference counting. When CDT locks are acquired, all intermediate roots' reference counts are updated safely.
2. Refactors the operations to use two generic locking routines with special handlers (binop and unop). This removes a lot of code duplication, which made adding the locking code much easier and should help prevent bugs.
3. Removes the `delete` callback; now `delete` will be called whenever a cnode is created. It's the object's decision if this requires a memory free or not.
Also adds three new callbacks:
* `grant(src, dst)`: called when a grant from src -> dst happens. Only the handler for `src` is called.
* `derive_src(src, dst)`: called on `src` when dst is derived from src.
* `derive_dst(src, dst)`: called on `dst` when dst is derived from src.
Objects are now responsible for doing some sort of reference counting in the grant and delete callbacks to prevent leaks. The grant and derive callbacks will also be the main hooks for capnet.
-
- 13 Jan, 2016 4 commits
- 19 Jan, 2016 1 commit
-
-
Charlie Jacobsen authored
I got rid of the KERNEL_HEADERS_INSTALL thing. Kind of silly. The user is just expected to set their prefix right. We still have to do a hook in order to install the kernel-specific stuff. libcap.a and libcap.ko (kernel binaries) go in prefix/lib.
-
- 17 Jan, 2016 7 commits
-
-
Charlie Jacobsen authored
-
Charlie Jacobsen authored
-
Charlie Jacobsen authored
I don't think it's needed at this point. The libcap user is therefore responsible for tracking lifetimes and freeing things at the correct points. In addition, I noted in cap_grant (not implemented yet), that grant will fail if the source and destination cspaces have different type systems.
-
Charlie Jacobsen authored
Forgot about that. Also adds source file to build.
-
Charlie Jacobsen authored
Moves David's register cap type into register private cap type.
-
Charlie Jacobsen authored
-
Charlie Jacobsen authored
The code builds right now by default (--enable-global-cap-types is on by default). Next step is to adjust the internals. Fixed an autoconf script bug: if you AC_SUBST a variable in one case and AC_SUBST_FILE in another (perhaps in an if statement), autoconf gets confused. So, I just always AC_SUBST now and cat the file into the variable when necessary. (I'm referring to the CAP_INCLUDE_GLOBAL_TYPES variable in configure.ac.)
-