[kernel] Make capabilities/handles global

Instead of handles / capabilities having numeric ids that are only valid for the owning process, they are now global in a system capabilities table. This will allow for specifying capabilities in IPC that doesn't need to be kernel-controlled. Processes will still need to be granted access to given capabilities, but that can become a simpler system call than the current method of sending them through mailbox messages (and worse, having to translate every one into a new capability like was the case before). In order to track which handles a process has access to, a new node_set based on node_map allows for an efficient storage and lookup of handles.
2022-10-10 21:19:25 -07:00
parent 41bb97b179
commit 9ac4e51224
27 changed files with 337 additions and 383 deletions
--- a/definitions/memory_layout.yaml
+++ b/definitions/memory_layout.yaml
@@ -13,6 +13,12 @@
 - name: heap
  size: 32G

+- name: capsmap
+  size: 32G
+
+- name: caps
+  size: 32G
+
 - name: stacks
  size: 64G

--- a/definitions/objects/mailbox.def
+++ b/definitions/objects/mailbox.def
@@ -14,9 +14,9 @@ object mailbox : object {
    method close [destructor cap:close]

    # Asynchronously send a message to the reciever
-    method send [cap:send handle] {
+    method send [cap:send] {
        param tag uint64
-        param data buffer [zero_ok]
+        param subtag uint64
        param handles ref object [list]
    }

@@ -24,19 +24,18 @@ object mailbox : object {
    # arrive if block is true.
    method receive [cap:receive] {
        param tag uint64 [out]
-        param data buffer [out zero_ok]
+        param subtag uint64 [out]
        param handles ref object [out list zero_ok]
        param reply_tag uint16 [out optional]
-        param badge uint64 [out optional]
        param flags uint64
    }

    # Send a message to the reciever, and block until a
    # response is sent. Note that getting this response
    # does not require the receive capability.
-    method call [cap:send handle] {
+    method call [cap:send] {
        param tag uint64 [inout]
-        param data buffer [inout zero_ok]
+        param subtag uint64 [inout]
        param handles ref object [inout list zero_ok]
    }

@@ -44,7 +43,7 @@ object mailbox : object {
    # requires the receive capability and not the send capability.
    method respond [cap:receive] {
        param tag uint64
-        param data buffer [zero_ok]
+        param subtag uint64
        param handles ref object [list zero_ok]
        param reply_tag uint16
    }
@@ -54,12 +53,10 @@ object mailbox : object {
    # capability.
    method respond_receive [cap:receive] {
        param tag uint64 [inout]
-        param data buffer [inout zero_ok]
-        param data_in size
+        param subtag uint64 [inout]
        param handles ref object [inout list zero_ok]
        param handles_in size
        param reply_tag uint16 [inout]
-        param badge uint64 [out optional]
        param flags uint64
    }
 }
--- a/definitions/objects/process.def
+++ b/definitions/objects/process.def
@@ -26,6 +26,5 @@ object process : object {
    # object as the specified handle.
    method give_handle {
        param target ref object [handle]          # A handle in the caller process to send
-        param received ref object [out optional]  # The handle as the recipient will see it
    }
 }
--- a/definitions/syscalls.def
+++ b/definitions/syscalls.def
@@ -32,7 +32,7 @@ interface syscalls [syscall] {
    # supplied list is not big enough, will set the size
    # needed in `size` and return j6_err_insufficient
    function handle_list {
-        param handles ref object [list inout zero_ok] # A list of handles to be filled
+        param handles struct handle_descriptor [list inout zero_ok] # A list of handles to be filled
    }

    # Create a clone of an existing handle, possibly with