[zion] Move to default permissions being supplied by KernelObjects

2023-08-01 18:22:41 -07:00 · 2023-08-01 18:22:41 -07:00 · 1364fbed9f
parent 48c6e5b3a4
commit 1364fbed9f
16 changed files with 91 additions and 54 deletions
--- a/zion/capability/capability.h
+++ b/zion/capability/capability.h
@ -20,6 +20,10 @@ class Capability : public glcr::RefCounted<Capability> {
  Capability(const glcr::RefPtr<T>& obj, uint64_t permissions)
      : Capability(StaticCastRefPtr<KernelObject>(obj), permissions) {}
  template <typename T>
  Capability(const glcr::RefPtr<T>& obj)
      : Capability(obj, T::DefaultPermissions()) {}
  template <typename T>
  glcr::RefPtr<T> obj();
--- a/zion/capability/capability_table.h
+++ b/zion/capability/capability_table.h
@ -14,9 +14,12 @@ class CapabilityTable {
  CapabilityTable& operator=(CapabilityTable&) = delete;
  template <typename T>
-  uint64_t AddNewCapability(const glcr::RefPtr<T>& object,
+  z_cap_t AddNewCapability(const glcr::RefPtr<T>& object, uint64_t permissions);
-                            uint64_t permissions);
+  template <typename T>
-  uint64_t AddExistingCapability(const glcr::RefPtr<Capability>& cap);
+  z_cap_t AddNewCapability(const glcr::RefPtr<T>& object) {
    return AddNewCapability<T>(object, T::DefaultPermissions());
  }
  z_cap_t AddExistingCapability(const glcr::RefPtr<Capability>& cap);
  glcr::RefPtr<Capability> GetCapability(uint64_t id);
  glcr::RefPtr<Capability> ReleaseCapability(uint64_t id);
--- a/zion/include/ztypes.h
+++ b/zion/include/ztypes.h
@ -63,15 +63,18 @@ const uint64_t kZionDebug = 0x1'0000;
 typedef uint64_t z_cap_t;
 #define Z_INVALID 0x0
 // General Capability Permissions
-#define ZC_WRITE 0x01
+const uint64_t kZionPerm_Write = 0x1;
-#define ZC_READ 0x02
+const uint64_t kZionPerm_Read = 0x2;
 const uint64_t kZionPerm_Transmit = 0x10;
 const uint64_t kZionPerm_Duplicate = 0x20;
 // Capability Specific Permissions
-#define ZC_PROC_SPAWN_PROC 0x100
+
-#define ZC_PROC_SPAWN_THREAD 0x200
+// Permissions held on process capabilities.
 const uint64_t kZionPerm_SpawnProcess = 0x100;
 const uint64_t kZionPerm_SpawnThread = 0x200;
 /* ------------------------------
 * Process Init Types
--- a/zion/loader/init_loader.cpp
+++ b/zion/loader/init_loader.cpp
@ -124,8 +124,7 @@ void WriteInitProgram(glcr::RefPtr<Port> port, glcr::String name, uint64_t id) {
      glcr::MakeRefCounted<MemoryObject>(prog.size);
  prog_vmmo->CopyBytesToObject(reinterpret_cast<uint64_t>(prog.address),
                               prog.size);
-  port->WriteKernel(id,
+  port->WriteKernel(id, MakeRefCounted<Capability>(prog_vmmo));
                    MakeRefCounted<Capability>(prog_vmmo, ZC_READ | ZC_WRITE));
 }
 glcr::ErrorCode WritePciVmmo(glcr::RefPtr<Port> port, uint64_t id) {
@ -133,7 +132,7 @@ glcr::ErrorCode WritePciVmmo(glcr::RefPtr<Port> port, uint64_t id) {
  auto vmmo =
      glcr::MakeRefCounted<FixedMemoryObject>(config.base, config.offset);
-  port->WriteKernel(id, MakeRefCounted<Capability>(vmmo, ZC_READ | ZC_WRITE));
+  port->WriteKernel(id, MakeRefCounted<Capability>(vmmo));
  return glcr::OK;
 }
@ -149,12 +148,9 @@ void LoadInitProgram() {
  // Write init data.
  auto port = glcr::MakeRefCounted<Port>();
-  uint64_t port_cap = proc->AddNewCapability(port, ZC_READ | ZC_WRITE);
+  uint64_t port_cap = proc->AddNewCapability(port);
-  port->WriteKernel(Z_INIT_SELF_PROC,
+  port->WriteKernel(Z_INIT_SELF_PROC, MakeRefCounted<Capability>(proc));
-                    MakeRefCounted<Capability>(
+  port->WriteKernel(Z_INIT_SELF_VMAS, MakeRefCounted<Capability>(proc->vmas()));
                        proc, ZC_PROC_SPAWN_PROC | ZC_PROC_SPAWN_THREAD));
  port->WriteKernel(Z_INIT_SELF_VMAS,
                    MakeRefCounted<Capability>(proc->vmas(), ZC_WRITE));
  WriteInitProgram(port, "/sys/denali", Z_BOOT_DENALI_VMMO);
  WriteInitProgram(port, "/sys/victoriafalls", Z_BOOT_VICTORIA_FALLS_VMMO);
--- a/zion/object/address_space.h
+++ b/zion/object/address_space.h
@ -4,6 +4,7 @@
 #include <glacier/memory/ref_ptr.h>
 #include <stdint.h>
 #include "include/ztypes.h"
 #include "memory/user_stack_manager.h"
 #include "object/memory_object.h"
@ -36,6 +37,8 @@ class AddressSpace : public KernelObject {
 public:
  uint64_t TypeTag() override { return KernelObject::ADDRESS_SPACE; }
  static uint64_t DefaultPermissions() { return kZionPerm_Write; }
  enum MemoryType {
    UNSPECIFIED,
    UNMAPPED,
--- a/zion/object/channel.h
+++ b/zion/object/channel.h
@ -21,6 +21,10 @@ struct KernelObjectTag<Channel> {
 class Channel : public IpcObject {
 public:
  uint64_t TypeTag() override { return KernelObject::CHANNEL; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Read | kZionPerm_Write;
  }
  static glcr::Pair<glcr::RefPtr<Channel>, glcr::RefPtr<Channel>>
  CreateChannelPair();
--- a/zion/object/endpoint.h
+++ b/zion/object/endpoint.h
@ -20,6 +20,10 @@ struct KernelObjectTag<Endpoint> {
 class Endpoint : public IpcObject {
 public:
  uint64_t TypeTag() override { return KernelObject::ENDPOINT; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Read | kZionPerm_Write;
  }
  static glcr::RefPtr<Endpoint> Create();
  glcr::ErrorCode Read(uint64_t* num_bytes, void* data,
--- a/zion/object/memory_object.h
+++ b/zion/object/memory_object.h
@ -4,6 +4,7 @@
 #include <glacier/memory/ref_ptr.h>
 #include <glacier/status/error_or.h>
 #include "include/ztypes.h"
 #include "object/kernel_object.h"
 class MemoryObject;
@ -21,6 +22,10 @@ struct KernelObjectTag<MemoryObject> {
 class MemoryObject : public KernelObject {
 public:
  uint64_t TypeTag() override { return KernelObject::MEMORY_OBJECT; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Write | kZionPerm_Read;
  }
  MemoryObject(uint64_t size);
  uint64_t size() { return size_; }
--- a/zion/object/port.h
+++ b/zion/object/port.h
@ -21,6 +21,9 @@ struct KernelObjectTag<Port> {
 class Port : public IpcObject {
 public:
  uint64_t TypeTag() override { return KernelObject::PORT; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Write | kZionPerm_Read;
  }
  Port() = default;
--- a/zion/object/process.h
+++ b/zion/object/process.h
@ -22,6 +22,11 @@ struct KernelObjectTag<Process> {
 class Process : public KernelObject {
 public:
  uint64_t TypeTag() override { return KernelObject::PROCESS; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Write | kZionPerm_Read | kZionPerm_SpawnThread |
           kZionPerm_SpawnProcess;
  }
  enum State {
    UNSPECIFIED,
    SETUP,
@ -44,6 +49,10 @@ class Process : public KernelObject {
  uint64_t AddNewCapability(const glcr::RefPtr<T>& obj, uint64_t permissions) {
    return caps_.AddNewCapability(obj, permissions);
  }
  template <typename T>
  uint64_t AddNewCapability(const glcr::RefPtr<T>& obj) {
    return caps_.AddNewCapability(obj);
  }
  uint64_t AddExistingCapability(const glcr::RefPtr<Capability>& cap);
  // Checks the state of all child threads and transitions to
--- a/zion/object/thread.h
+++ b/zion/object/thread.h
@ -4,6 +4,7 @@
 #include <glacier/memory/ref_ptr.h>
 #include <stdint.h>
 #include "include/ztypes.h"
 #include "object/kernel_object.h"
 // Forward decl due to cyclic dependency.
@ -18,6 +19,10 @@ struct KernelObjectTag<Thread> {
 class Thread : public KernelObject, public glcr::IntrusiveListNode<Thread> {
 public:
  uint64_t TypeTag() override { return KernelObject::THREAD; }
  static uint64_t DefaultPermissions() {
    return kZionPerm_Read | kZionPerm_Write;
  }
  enum State {
    UNSPECIFIED,
    CREATED,
--- a/zion/syscall/address_space.cpp
+++ b/zion/syscall/address_space.cpp
@ -7,8 +7,8 @@ z_err_t AddressSpaceMap(ZAddressSpaceMapReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto vmas_cap = curr_proc.GetCapability(req->vmas_cap);
  auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap);
-  RET_ERR(ValidateCapability<AddressSpace>(vmas_cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<AddressSpace>(vmas_cap, kZionPerm_Write));
-  RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Write));
  auto vmas = vmas_cap->obj<AddressSpace>();
  auto vmmo = vmmo_cap->obj<MemoryObject>();
--- a/zion/syscall/ipc.cpp
+++ b/zion/syscall/ipc.cpp
@ -9,16 +9,15 @@
 z_err_t ChannelCreate(ZChannelCreateReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto chan_pair = Channel::CreateChannelPair();
-  *req->channel1 = proc.AddNewCapability(chan_pair.first(), ZC_WRITE | ZC_READ);
+  *req->channel1 = proc.AddNewCapability(chan_pair.first());
-  *req->channel2 =
+  *req->channel2 = proc.AddNewCapability(chan_pair.second());
      proc.AddNewCapability(chan_pair.second(), ZC_WRITE | ZC_READ);
  return glcr::OK;
 }
 z_err_t ChannelSend(ZChannelSendReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto chan_cap = proc.GetCapability(req->chan_cap);
-  RET_ERR(ValidateCapability<Channel>(chan_cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<Channel>(chan_cap, kZionPerm_Write));
  auto chan = chan_cap->obj<Channel>();
  return chan->Send(req->num_bytes, req->data, req->num_caps, req->caps);
@ -27,7 +26,7 @@ z_err_t ChannelSend(ZChannelSendReq* req) {
 z_err_t ChannelRecv(ZChannelRecvReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto chan_cap = proc.GetCapability(req->chan_cap);
-  RET_ERR(ValidateCapability<Channel>(chan_cap, ZC_READ));
+  RET_ERR(ValidateCapability<Channel>(chan_cap, kZionPerm_Read));
  auto chan = chan_cap->obj<Channel>();
  return chan->Recv(req->num_bytes, req->data, req->num_caps, req->caps);
@ -36,14 +35,14 @@ z_err_t ChannelRecv(ZChannelRecvReq* req) {
 z_err_t PortCreate(ZPortCreateReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto port = glcr::MakeRefCounted<Port>();
-  *req->port_cap = proc.AddNewCapability(port, ZC_WRITE | ZC_READ);
+  *req->port_cap = proc.AddNewCapability(port);
  return glcr::OK;
 }
 z_err_t PortSend(ZPortSendReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto port_cap = proc.GetCapability(req->port_cap);
-  RET_ERR(ValidateCapability<Port>(port_cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<Port>(port_cap, kZionPerm_Write));
  auto port = port_cap->obj<Port>();
  return port->Send(req->num_bytes, req->data, req->num_caps, req->caps);
@ -52,7 +51,7 @@ z_err_t PortSend(ZPortSendReq* req) {
 z_err_t PortRecv(ZPortRecvReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto port_cap = proc.GetCapability(req->port_cap);
-  RET_ERR(ValidateCapability<Port>(port_cap, ZC_READ));
+  RET_ERR(ValidateCapability<Port>(port_cap, kZionPerm_Read));
  auto port = port_cap->obj<Port>();
  ZMessage message{
@ -67,7 +66,7 @@ z_err_t PortRecv(ZPortRecvReq* req) {
 z_err_t PortPoll(ZPortPollReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto port_cap = proc.GetCapability(req->port_cap);
-  RET_ERR(ValidateCapability<Port>(port_cap, ZC_READ));
+  RET_ERR(ValidateCapability<Port>(port_cap, kZionPerm_Read));
  auto port = port_cap->obj<Port>();
  // FIXME: Race condition here where this call could block if the last message
@ -85,15 +84,14 @@ z_err_t IrqRegister(ZIrqRegisterReq* req) {
    return glcr::UNIMPLEMENTED;
  }
  glcr::RefPtr<Port> port = glcr::MakeRefCounted<Port>();
-  *req->port_cap = proc.AddNewCapability(port, ZC_READ | ZC_WRITE);
+  *req->port_cap = proc.AddNewCapability(port);
  RegisterPciPort(port);
  return glcr::OK;
 }
 glcr::ErrorCode EndpointCreate(ZEndpointCreateReq* req) {
  auto& proc = gScheduler->CurrentProcess();
-  *req->endpoint_cap =
+  *req->endpoint_cap = proc.AddNewCapability(Endpoint::Create());
      proc.AddNewCapability(Endpoint::Create(), ZC_READ | ZC_WRITE);
  return glcr::OK;
 }
@ -101,12 +99,13 @@ glcr::ErrorCode EndpointSend(ZEndpointSendReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto endpoint_cap = proc.GetCapability(req->endpoint_cap);
-  ValidateCapability<Endpoint>(endpoint_cap, ZC_WRITE);
+  ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Write);
  auto endpoint = endpoint_cap->obj<Endpoint>();
  auto reply_port = ReplyPort::Create();
-  *req->reply_port_cap = proc.AddNewCapability(reply_port, ZC_READ);
+  *req->reply_port_cap = proc.AddNewCapability(reply_port, kZionPerm_Read);
-  uint64_t reply_port_cap_to_send = proc.AddNewCapability(reply_port, ZC_WRITE);
+  uint64_t reply_port_cap_to_send =
      proc.AddNewCapability(reply_port, kZionPerm_Write);
  return endpoint->Send(req->num_bytes, req->data, 1, &reply_port_cap_to_send);
 }
@ -114,7 +113,7 @@ glcr::ErrorCode EndpointRecv(ZEndpointRecvReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto endpoint_cap = proc.GetCapability(req->endpoint_cap);
-  ValidateCapability<Endpoint>(endpoint_cap, ZC_READ);
+  ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Read);
  auto endpoint = endpoint_cap->obj<Endpoint>();
  uint64_t num_caps = 1;
@ -129,7 +128,7 @@ glcr::ErrorCode EndpointRecv(ZEndpointRecvReq* req) {
 glcr::ErrorCode ReplyPortSend(ZReplyPortSendReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto reply_port_cap = proc.GetCapability(req->reply_port_cap);
-  ValidateCapability<ReplyPort>(reply_port_cap, ZC_WRITE);
+  ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read);
  auto reply_port = reply_port_cap->obj<ReplyPort>();
  return reply_port->Send(req->num_bytes, req->data, req->num_caps, req->caps);
@ -138,7 +137,7 @@ glcr::ErrorCode ReplyPortRecv(ZReplyPortRecvReq* req) {
  auto& proc = gScheduler->CurrentProcess();
  auto reply_port_cap = proc.GetCapability(req->reply_port_cap);
-  ValidateCapability<ReplyPort>(reply_port_cap, ZC_READ);
+  ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read);
  auto reply_port = reply_port_cap->obj<ReplyPort>();
  return reply_port->Recv(req->num_bytes, req->data, req->num_caps, req->caps);
--- a/zion/syscall/memory_object.cpp
+++ b/zion/syscall/memory_object.cpp
@ -6,8 +6,8 @@
 z_err_t MemoryObjectCreate(ZMemoryObjectCreateReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
-  *req->vmmo_cap = curr_proc.AddNewCapability(
+  *req->vmmo_cap =
-      glcr::MakeRefCounted<MemoryObject>(req->size), ZC_WRITE);
+      curr_proc.AddNewCapability(glcr::MakeRefCounted<MemoryObject>(req->size));
  return glcr::OK;
 }
@ -15,8 +15,8 @@ z_err_t MemoryObjectCreatePhysical(ZMemoryObjectCreatePhysicalReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  uint64_t paddr = req->paddr;
  auto vmmo_ref = glcr::MakeRefCounted<FixedMemoryObject>(paddr, req->size);
-  *req->vmmo_cap = curr_proc.AddNewCapability(
+  *req->vmmo_cap =
-      StaticCastRefPtr<MemoryObject>(vmmo_ref), ZC_WRITE);
+      curr_proc.AddNewCapability(StaticCastRefPtr<MemoryObject>(vmmo_ref));
  return glcr::OK;
 }
@ -24,8 +24,8 @@ z_err_t MemoryObjectCreateContiguous(ZMemoryObjectCreateContiguousReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  uint64_t paddr = phys_mem::AllocateContinuous(((req->size - 1) / 0x1000) + 1);
  auto vmmo_ref = glcr::MakeRefCounted<FixedMemoryObject>(paddr, req->size);
-  *req->vmmo_cap = curr_proc.AddNewCapability(
+  *req->vmmo_cap =
-      StaticCastRefPtr<MemoryObject>(vmmo_ref), ZC_WRITE);
+      curr_proc.AddNewCapability(StaticCastRefPtr<MemoryObject>(vmmo_ref));
  *req->paddr = paddr;
  return glcr::OK;
 }
@ -34,11 +34,11 @@ z_err_t MemoryObjectDuplicate(ZMemoryObjectDuplicateReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto vmmo_cap = curr_proc.GetCapability(req->vmmo_cap);
  // FIXME: Check a duplication permission here.
-  RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<MemoryObject>(vmmo_cap, kZionPerm_Write));
  ASSIGN_OR_RETURN(
      glcr::RefPtr<MemoryObject> new_vmmo,
      vmmo_cap->obj<MemoryObject>()->Duplicate(req->base_offset, req->length));
-  *req->new_vmmo_cap = curr_proc.AddNewCapability(new_vmmo, ZC_WRITE | ZC_READ);
+  *req->new_vmmo_cap = curr_proc.AddNewCapability(new_vmmo);
  return glcr::OK;
 }
--- a/zion/syscall/process.cpp
+++ b/zion/syscall/process.cpp
@ -17,14 +17,13 @@ z_err_t ProcessExit(ZProcessExitReq* req) {
 z_err_t ProcessSpawn(ZProcessSpawnReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto cap = curr_proc.GetCapability(req->proc_cap);
-  RET_ERR(ValidateCapability<Process>(cap, ZC_PROC_SPAWN_PROC));
+  RET_ERR(ValidateCapability<Process>(cap, kZionPerm_SpawnProcess));
  glcr::RefPtr<Process> proc = Process::Create();
  gProcMan->InsertProcess(proc);
-  *req->new_proc_cap = curr_proc.AddNewCapability(
+  *req->new_proc_cap = curr_proc.AddNewCapability(proc);
-      proc, ZC_PROC_SPAWN_PROC | ZC_PROC_SPAWN_THREAD | ZC_WRITE);
+  *req->new_vmas_cap = curr_proc.AddNewCapability(proc->vmas());
  *req->new_vmas_cap = curr_proc.AddNewCapability(proc->vmas(), ZC_WRITE);
  if (req->bootstrap_cap != 0) {
    auto cap = curr_proc.ReleaseCapability(req->bootstrap_cap);
--- a/zion/syscall/thread.cpp
+++ b/zion/syscall/thread.cpp
@ -7,18 +7,18 @@
 glcr::ErrorCode ThreadCreate(ZThreadCreateReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto cap = curr_proc.GetCapability(req->proc_cap);
-  RET_ERR(ValidateCapability<Process>(cap, ZC_PROC_SPAWN_THREAD));
+  RET_ERR(ValidateCapability<Process>(cap, kZionPerm_SpawnThread));
  auto parent_proc = cap->obj<Process>();
  auto thread = parent_proc->CreateThread();
-  *req->thread_cap = curr_proc.AddNewCapability(thread, ZC_WRITE | ZC_READ);
+  *req->thread_cap = curr_proc.AddNewCapability(thread);
  return glcr::OK;
 }
 glcr::ErrorCode ThreadStart(ZThreadStartReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto cap = curr_proc.GetCapability(req->thread_cap);
-  RET_ERR(ValidateCapability<Thread>(cap, ZC_WRITE));
+  RET_ERR(ValidateCapability<Thread>(cap, kZionPerm_Write));
  auto thread = cap->obj<Thread>();
  // FIXME: validate entry point is in user space.
@ -36,7 +36,7 @@ glcr::ErrorCode ThreadExit(ZThreadExitReq*) {
 glcr::ErrorCode ThreadWait(ZThreadWaitReq* req) {
  auto& curr_proc = gScheduler->CurrentProcess();
  auto cap = curr_proc.GetCapability(req->thread_cap);
-  RET_ERR(ValidateCapability<Thread>(cap, ZC_READ));
+  RET_ERR(ValidateCapability<Thread>(cap, kZionPerm_Read));
  auto thread = cap->obj<Thread>();
  thread->Wait();
  return glcr::OK;