[kernel] Add capabilities to handles

This change finally adds capabilities to handles. Included changes:

- j6_handle_t is now again 64 bits, with the highest 8 bits being a type
  code, and the next highest 24 bits being the capability mask, so that
  programs can check type/caps without calling the kernel.
- The definitions grammar now includes a `capabilities [ ]` section on
  objects, to list what capabilities are relevant.
- j6/caps.h is auto-generated from object capability lists
- init_libj6 again sets __handle_self and __handle_sys, this is a bit
  of a hack.
- A new syscall, j6_handle_list, will return the list of existing
  handles owned by the calling process.
- syscall_verify.cpp.cog now actually checks that the needed
  capabilities exist on handles before allowing the call.

src/kernel/kernel.module

@@ -53,6 +53,7 @@ kernel = module("kernel",
         "syscalls.inc.cog",
         "syscalls/channel.cpp",
         "syscalls/endpoint.cpp",
+        "syscalls/handle.cpp",
         "syscalls/object.cpp",
         "syscalls/process.cpp",
         "syscalls/system.cpp",

src/kernel/objects/channel.h

@@ -2,6 +2,7 @@
 /// \file channel.h
 /// Definition of channel objects and related functions
 
+#include <j6/caps.h>
 #include <j6/signals.h>
 #include <util/bip_buffer.h>
 #include <util/counted.h>
@@ -17,7 +18,7 @@ class channel :
 {
 public:
     /// Capabilities on a newly constructed channel handle
-    constexpr static j6_cap_t creation_caps = 0;
+    constexpr static j6_cap_t creation_caps = j6_cap_channel_all;
 
     channel();
     virtual ~channel();

src/kernel/objects/endpoint.h

@@ -2,6 +2,7 @@
 /// \file endpoint.h
 /// Definition of endpoint kobject types
 
+#include <j6/caps.h>
 #include <j6/signals.h>
 #include <util/spinlock.h>
 #include <util/vector.h>
@@ -16,7 +17,7 @@ class endpoint :
 {
 public:
     /// Capabilities on a newly constructed endpoint handle
-    constexpr static j6_cap_t creation_caps = 0;
+    constexpr static j6_cap_t creation_caps = j6_cap_endpoint_all;
 
     endpoint();
     virtual ~endpoint();

src/kernel/objects/handle.h

@@ -9,34 +9,40 @@ namespace obj {
 
 struct handle
 {
-    inline handle(j6_handle_t in_id, kobject *in_object, j6_cap_t in_caps) :
-        id {in_id}, object {in_object}, caps {in_caps} {
+    // A j6_handle_t is an id in the low 32 bits, caps in bits 32-55, and type in 56-63
+    static inline j6_handle_t make_id(j6_handle_t id, j6_cap_t caps, kobject *obj) {
+        return (id & 0xffffffffull) |
+            static_cast<j6_handle_t>(caps) << 32 |
+            static_cast<j6_handle_t>(obj ? obj->get_type() : kobject::type::none) << 56;
+    }
+
+    inline handle(j6_handle_t in_id, kobject *in_obj, j6_cap_t caps) :
+        id {make_id(in_id, caps, in_obj)}, object {in_obj} {
         if (object) object->handle_retain();
     }
 
     inline handle(const handle &other) :
-        id {other.id}, object {other.object}, caps {other.caps} {
+        id {other.id}, object {other.object} {
         if (object) object->handle_retain();
     }
 
     inline handle(handle &&other) :
-        id {other.id}, object {other.object}, caps {other.caps} {
+        id {other.id}, object {other.object} {
         other.id = 0;
-        other.caps = 0;
         other.object = nullptr;
     }
 
     inline handle & operator=(const handle &other) {
         if (object) object->handle_release();
-        id = other.id; caps = other.caps; object = other.object;
+        id = other.id; object = other.object;
         if (object) object->handle_retain();
         return *this;
     }
 
     inline handle & operator=(handle &&other) {
         if (object) object->handle_release();
-        id = other.id; caps = other.caps; object = other.object;
-        other.id = other.caps = 0; other.object = nullptr;
+        id = other.id; object = other.object;
+        other.id = 0; other.object = nullptr;
         return *this;
     }
 
@@ -44,12 +50,14 @@ struct handle
         if (object) object->handle_release();
     }
 
+    inline j6_cap_t caps() const { return id >> 32; }
+
     inline bool has_cap(j6_cap_t test) const {
-        return (caps & test) == test;
+        return (caps() & test) == test;
     }
 
     inline kobject::type type() const {
-        return object->get_type();
+        return static_cast<kobject::type>(id >> 56);
     }
 
     inline int compare(const handle &o) {
@@ -75,7 +83,6 @@ struct handle
     inline const kobject * as<kobject>() const { return object; }
 
     j6_handle_t id;
-    j6_cap_t caps;
     kobject *object;
 };
 

src/kernel/objects/kobject.h

@@ -16,7 +16,7 @@ class kobject
 {
 public:
     /// Types of kernel objects.
-    enum class type : uint16_t
+    enum class type : uint8_t
     {
 #define OBJECT_TYPE( name, val ) name = val,
 #include <j6/tables/object_types.inc>

src/kernel/objects/process.cpp

@@ -22,8 +22,7 @@ process::process() :
     m_next_handle {1},
     m_state {state::running}
 {
-    j6_handle_t self = add_handle(this, process::self_caps);
-    kassert(self == self_handle(), "Process self-handle is not 1");
+    m_self_handle = add_handle(this, process::self_caps);
 }
 
 // The "kernel process"-only constructor
@@ -129,9 +128,10 @@ process::add_handle(kobject *obj, j6_cap_t caps)
     if (!obj)
         return j6_handle_invalid;
 
-    j6_handle_t id = m_next_handle++;
-    m_handles.insert(id, {id, obj, caps});
+    handle h {m_next_handle++, obj, caps};
+    j6_handle_t id = h.id;
 
+    m_handles.insert(id, h);
     return id;
 }
 
@@ -147,4 +147,16 @@ process::lookup_handle(j6_handle_t id)
     return m_handles.find(id);
 }
 
+size_t
+process::list_handles(j6_handle_t *handles, size_t len)
+{
+    for (const auto &i : m_handles) {
+        if (len-- == 0)
+            break;
+        *handles++ = i.key;
+    }
+
+    return m_handles.count();
+}
+
 } // namespace obj

src/kernel/objects/process.h

@@ -2,6 +2,7 @@
 /// \file process.h
 /// Definition of process kobject types
 
+#include <j6/caps.h>
 #include <util/map.h>
 #include <util/vector.h>
 
@@ -17,10 +18,10 @@ class process :
 {
 public:
     /// Capabilities on a newly constructed process handle
-    constexpr static j6_cap_t creation_caps = 0;
+    constexpr static j6_cap_t creation_caps = j6_cap_process_all;
 
     /// Capabilities on a process to itself
-    constexpr static j6_cap_t self_caps = 0;
+    constexpr static j6_cap_t self_caps = j6_cap_process_all;
 
     /// Top of memory area where thread stacks are allocated
     constexpr static uintptr_t stacks_top = 0x0000800000000000;
@@ -74,13 +75,19 @@ public:
     /// \returns     Pointer to the handle struct, or null if not found
     handle * lookup_handle(j6_handle_t handle);
 
+    /// Get the list of handle ids this process owns
+    /// \arg handles  Pointer to an array of handles to copy into
+    /// \arg len      Size of the array
+    /// \returns      Total number of handles (may be more than number copied)
+    size_t list_handles(j6_handle_t *handles, size_t len);
+
     /// Inform the process of an exited thread
     /// \args th  The thread which has exited
     /// \returns  True if this thread ending has ended the process
     bool thread_exited(thread *th);
 
     /// Get the handle for this process to refer to itself
-    inline j6_handle_t self_handle() const { return 1; }
+    inline j6_handle_t self_handle() const { return m_self_handle; }
 
     /// Get the process object that owns kernel threads and the
     /// kernel address space
@@ -95,6 +102,7 @@ private:
     // This constructor is called by create_kernel_process
     process(page_table *kpml4);
 
+    j6_handle_t m_self_handle;
     int32_t m_return_code;
 
     vm_space m_space;

src/kernel/objects/system.h

@@ -2,6 +2,7 @@
 /// \file system.h
 /// Definition of kobject type representing the system
 
+#include <j6/caps.h>
 #include "objects/kobject.h"
 
 namespace obj {
@@ -11,7 +12,7 @@ class system :
 {
 public:
     /// Capabilities on system given to init
-    constexpr static j6_cap_t init_caps = 0;
+    constexpr static j6_cap_t init_caps = j6_cap_system_all;
 
     static constexpr kobject::type type = kobject::type::system;
 

src/kernel/objects/thread.h

@@ -2,6 +2,7 @@
 /// \file thread.h
 /// Definition of thread kobject types
 
+#include <j6/caps.h>
 #include <util/enum_bitfields.h>
 #include <util/linked_list.h>
 #include <util/spinlock.h>
@@ -60,10 +61,10 @@ class thread :
 {
 public:
     /// Capabilities on a newly constructed thread handle
-    constexpr static j6_cap_t creation_caps = 0;
+    constexpr static j6_cap_t creation_caps = j6_cap_thread_all;
 
     /// Capabilities the parent process gets on new thread handles
-    constexpr static j6_cap_t parent_caps = 0;
+    constexpr static j6_cap_t parent_caps = j6_cap_thread_all;
 
     enum class state : uint8_t {
         ready    = 0x01,

src/kernel/objects/vm_area.h

@@ -5,6 +5,7 @@
 #include <stddef.h>
 #include <stdint.h>
 
+#include <j6/caps.h>
 #include <j6/signals.h>
 #include <util/vector.h>
 #include <util/enum_bitfields.h>
@@ -34,7 +35,7 @@ class vm_area :
 {
 public:
     /// Capabilities on a newly constructed vma handle
-    constexpr static j6_cap_t creation_caps = 0;
+    constexpr static j6_cap_t creation_caps = j6_cap_vma_all;
 
     static constexpr kobject::type type = kobject::type::vma;
 

src/kernel/syscall_verify.cpp.cog

@@ -2,6 +2,7 @@
 
 #include <stdint.h>
 #include <arch/memory.h>
+#include <j6/caps.h>
 #include <j6/errors.h>
 #include <j6/types.h>
 #include <util/counted.h>
@@ -36,6 +37,10 @@ using util::buffer;
 /*[[[cog code generation
 cbool = {True: "true", False: "false"}
 
+def get_caps(opts, type):
+    caps = opts.get("cap", list())
+    return [f"j6_cap_{type.name}_{c}" for c in caps]
+
 for id, scope, method in syscalls.methods:
     if scope:
         name = f"{scope.name}_{method.name}"
@@ -58,7 +63,11 @@ for id, scope, method in syscalls.methods:
         argdefs.append("j6_handle_t self")
         cxxargdefs.append(f"obj::{scope.cname} *self")
         args.append("self_obj")
-        handles.append((f"obj::{scope.cname} *", "self", "self_obj"))
+        handles.append((
+            f"obj::{scope.cname} *",
+            "self",
+            "self_obj",
+            get_caps(method.options, scope)))
 
     for param in method.params:
         needs_obj = param.type.needs_object(param.options)
@@ -73,7 +82,7 @@ for id, scope, method in syscalls.methods:
 
             if needs_obj:
                 oarg = f"{arg}_obj"
-                handles.append((type, arg, oarg))
+                handles.append((type, arg, oarg, get_caps(param.options, param.type.object)))
                 args.append(oarg)
             else:
                 args.append(arg)
@@ -94,12 +103,18 @@ for id, scope, method in syscalls.methods:
         cog.outl( "        return j6_err_invalid_arg;")
         cog.outl()
 
-    for type, inarg, outarg in handles:
+    for type, inarg, outarg, caps in handles:
         if type.endswith('*'):
             type = type[:-1].strip()
 
         cog.outl(f"    obj::handle *{inarg}_handle = get_handle<typename {type}>({inarg});")
         cog.outl(f"    if (!{inarg}_handle) return j6_err_invalid_arg;")
+
+        if caps:
+            allcaps = " | ".join(caps)
+            cog.outl(f"    j6_cap_t {inarg}_caps_req = {allcaps};")
+            cog.outl(f"    if (!{inarg}_handle->has_cap({inarg}_caps_req)) return j6_err_denied;")
+
         cog.outl(f"    {type} *{outarg} = {inarg}_handle->as<typename {type}>();")
         cog.outl(f"    if (!{outarg}) return j6_err_invalid_arg;")
         cog.outl()

src/kernel/syscalls/handle.cpp

@@ -0,0 +1,27 @@
+#include <j6/errors.h>
+#include <j6/types.h>
+
+#include "objects/process.h"
+
+using namespace obj;
+
+namespace syscalls {
+
+j6_status_t
+handle_list(j6_handle_t *handles, size_t *handles_len)
+{
+    if (!handles_len || (*handles_len && !handles))
+        return j6_err_invalid_arg;
+
+    process &p = process::current();
+    size_t requested = *handles_len;
+
+    *handles_len = p.list_handles(handles, requested);
+
+    if (*handles_len < requested)
+        return j6_err_insufficient;
+
+    return j6_status_ok;
+}
+
+} // namespace syscalls