Questions on implementation details of capabilities

Christoph Szeppek chris at
Thu Feb 3 09:54:10 CET 2011


I try to understand how capabilities are enforced by the Fiasco.OC
kernel. From what I think I understood, capabilities are created in
the kernel space area of an address space (which is the same in every
address space) at Config::Caps_start. Each cap is identified by an
index in this area and holds a reference to an object of type
kobject_iface in its _obj attribute. This is the object this cap is
controlling access to. Now I've got a few questions about further

Where does the translation from address space local to kernel global
cap id happen?

How does the kernel know threads of which space are allowed to access
which cap (mapdb?)?

When a thread sends IPC, in which place of the kernel code do these
caps get enforced / checked?



More information about the l4-hackers mailing list