User-level objects

teclis High Elf teclis.high.elf at gmail.com
Tue Dec 9 16:32:09 CET 2014 

Hi, would someone be able to point me to example code for setting access
control on a kernel object? Say I am brining up Fiasco on new hardware that
has certain instructions that can only be executed when running in kernel
privilege level but I want to control which tasks can use them. Could I
create a new class of kernel object for my hardware instruction and then
set access control on this class of kernel object so only my task can make
the syscall. No other tasks i.e. Moe, Ned etc. would be able to instantiate
my new kernel object and make the protected syscall. Or alternatively if
some one could recommend a mechanism for controlling which tasks could make
a new syscall in Fiasco L4Re that would be very helpful to.

thanks

On Mon, Dec 8, 2014 at 7:00 PM, Adam Lackorzynski <adam at os.inf.tu-dresden.de
> wrote:

> On Mon Dec 08, 2014 at 22:10:40 +0800, li94575 wrote:
> > At 2014-12-07 07:36:38, "Adam Lackorzynski" <adam at os.inf.tu-dresden.de>
> wrote:
> > >Hi,
> > >
> > >On Sat Dec 06, 2014 at 22:24:20 +0800, li94575 wrote:
> > >> As I know, we can set  access permissions for the kernel objects, and
> > >> access to user-level objects is  through IPC_Gate.
> > >> So, can I  set access permissions for user-level objects through the
> > >> IPC_Gate?
> > >
> > >Yes. This is done by giving the appropriate rights flags on mapping. In
> > >Ned's scripting, there are those ':mode("...")' statements (typically
> > >abbreviated with just ':m("...")' or just 'svr()' that define those
> > >permissions. However, bits to be used by user-level implementations are
> > >just the write bit.
> >
> > If I only map a capability with reading permission for server object,
> but  I actually  perform a writing operation on the object with the
> capability, can you tell me where  the kernel do the permission
> checking?and for the objects, how to define the reading and writing
> operation?
>
> For caps, the kernel does not care about the write bit, however, it's
> visible on the server side and can be used there. The first parameter
> for the typical dispatch function is that 'l4_umword_t obj', which is
> actually the label. The lower bits of that obj also encode the 'W' bit.
> So by testing 'obj & L4_CAP_FPAGE_W' you see whether the caller (client)
> has the cap with or without the W bit mapped.
>
>
> Adam
> --
> Adam                 adam at os.inf.tu-dresden.de
>   Lackorzynski         http://os.inf.tu-dresden.de/~adam/
>
> _______________________________________________
> l4-hackers mailing list
> l4-hackers at os.inf.tu-dresden.de
> http://os.inf.tu-dresden.de/mailman/listinfo/l4-hackers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://os.inf.tu-dresden.de/pipermail/l4-hackers/attachments/20141209/e1283f1b/attachment.html>

More information about the l4-hackers mailing list