L4Re Operating System Framework
Interface and Usage Documentation
Loading...
Searching...
No Matches
capability.h
1
2#pragma once
3
4#include <l4/sys/consts.h>
5#include <l4/sys/types.h>
6#include <l4/sys/task.h>
7
8namespace L4 {
9
10class Task;
11class Kobject;
12
13template< typename T > class L4_EXPORT Cap;
14
25class L4_EXPORT Cap_base
26{
27public:
29 enum No_init_type
30 {
34 No_init
35 };
36
44
49 l4_cap_idx_t cap() const noexcept { return _c; }
50
57 bool is_valid() const noexcept { return !(_c & L4_INVALID_CAP_BIT); }
58
62 int invalid_cap_error() const noexcept { return _c & ~L4_INVALID_CAP_BIT; }
63
64 explicit operator bool () const noexcept
65 { return !(_c & L4_INVALID_CAP_BIT); }
66
74 l4_fpage_t fpage(unsigned rights = L4_CAP_FPAGE_RWS) const noexcept
75 { return l4_obj_fpage(_c, 0, rights); }
76
86 l4_umword_t snd_base(unsigned grant = L4_MAP_ITEM_MAP,
87 l4_cap_idx_t base = L4_INVALID_CAP) const noexcept
88 {
89 if (base == L4_INVALID_CAP)
90 base = _c;
91 return l4_map_obj_control(base, grant);
92 }
93
94
98 bool operator == (Cap_base const &o) const noexcept
99 { return _c == o._c; }
100
104 bool operator != (Cap_base const &o) const noexcept
105 { return _c != o._c; }
106
120 inline l4_msgtag_t validate(l4_utcb_t *u = l4_utcb()) const noexcept;
121
136 inline l4_msgtag_t validate(Cap<Task> task,
137 l4_utcb_t *u = l4_utcb()) const noexcept;
138
142 void invalidate() noexcept { _c = L4_INVALID_CAP; }
143protected:
149 explicit Cap_base(l4_cap_idx_t c) noexcept : _c(c) {}
153 explicit Cap_base(Cap_type cap) noexcept : _c(cap) {}
154
160 explicit Cap_base(l4_default_caps_t cap) noexcept : _c(cap) {}
161
165 explicit Cap_base() noexcept {}
166
176 void move(Cap_base const &src) const
177 {
178 if (!is_valid() || !src.is_valid())
179 return;
180
181 l4_task_map(L4_BASE_TASK_CAP, L4_BASE_TASK_CAP, src.fpage(L4_CAP_FPAGE_RWSD),
182 snd_base(L4_MAP_ITEM_GRANT) | L4_FPAGE_C_OBJ_RIGHTS);
183 }
184
192 void copy(Cap_base const &src) const
193 {
194 if (!is_valid() || !src.is_valid())
195 return;
196
197 l4_task_map(L4_BASE_TASK_CAP, L4_BASE_TASK_CAP, src.fpage(L4_CAP_FPAGE_RWSD),
198 snd_base() | L4_FPAGE_C_OBJ_RIGHTS);
199 }
200
203 l4_cap_idx_t _c;
204};
205
206
222template< typename T >
223class L4_EXPORT Cap : public Cap_base
224{
225private:
226 friend class L4::Kobject;
227
239 explicit Cap(T const *p) noexcept
240 : Cap_base(reinterpret_cast<l4_cap_idx_t>(p)) {}
241
242public:
243
250 template< typename From >
251 static void check_convertible_from() noexcept
252 {
253 using To = T;
254 [[maybe_unused]] To* t = static_cast<From*>(nullptr);
255 }
256
263 template< typename From >
264 static void check_castable_from() noexcept
265 {
266 using To = T;
267 [[maybe_unused]] To *t = static_cast<To *>(static_cast<From *>(nullptr));
268 }
269
274 template< typename O >
275 Cap(Cap<O> const &o) noexcept : Cap_base(o.cap())
276 { check_convertible_from<O>(); }
277
282 Cap(Cap_type cap) noexcept : Cap_base(cap) {}
283
288 Cap(l4_default_caps_t cap) noexcept : Cap_base(cap) {}
289
294 explicit Cap(l4_cap_idx_t idx = L4_INVALID_CAP) noexcept : Cap_base(idx) {}
295
299 explicit Cap(No_init_type) noexcept {}
300
307 Cap move(Cap const &src) const
308 {
309 Cap_base::move(src);
310 return *this;
311 }
312
317 Cap copy(Cap const &src) const
318 {
319 Cap_base::copy(src);
320 return *this;
321 }
322
326 T *operator -> () const noexcept { return reinterpret_cast<T*>(_c); }
327};
328
329
340template<>
341class L4_EXPORT Cap<void> : public Cap_base
342{
343public:
344
345 explicit Cap(void const *p) noexcept
346 : Cap_base(reinterpret_cast<l4_cap_idx_t>(p)) {}
347
351 Cap(Cap_type cap) noexcept : Cap_base(cap) {}
352
357 Cap(l4_default_caps_t cap) noexcept : Cap_base(cap) {}
358
363 explicit Cap(l4_cap_idx_t idx = L4_INVALID_CAP) noexcept : Cap_base(idx) {}
364 explicit Cap(No_init_type) noexcept {}
365
366 template< typename From >
367 static void check_convertible_from() noexcept {}
368
369 template< typename From >
370 static void check_castable_from() noexcept {}
371
378 Cap move(Cap const &src) const
379 {
380 Cap_base::move(src);
381 return *this;
382 }
383
388 Cap copy(Cap const &src) const
389 {
390 Cap_base::copy(src);
391 return *this;
392 }
393
394 template< typename T >
395 Cap(Cap<T> const &o) noexcept : Cap_base(o.cap()) {}
396};
397
414template< typename T, typename F >
415inline
416Cap<T> cap_cast(Cap<F> const &c) noexcept
417{
418 Cap<T>::template check_castable_from<F>();
419 return Cap<T>(c.cap());
420}
421
422// gracefully deal with L4::Kobject ambiguity
423template< typename T >
424inline
425Cap<T> cap_cast(Cap<L4::Kobject> const &c) noexcept
426{
427 return Cap<T>(c.cap());
428}
429
445template< typename T, typename F >
446inline
447Cap<T> cap_reinterpret_cast(Cap<F> const &c) noexcept
448{
449 return Cap<T>(c.cap());
450}
451
458class Reply_cap_idx
459{
460 l4_cap_idx_t _i;
461
462public:
463 constexpr explicit Reply_cap_idx() noexcept : _i(L4_INVALID_REPLY_CAP) {}
464 constexpr explicit Reply_cap_idx(l4_cap_idx_t i) noexcept
465 : _i(i | L4_REPLY_CAP_BIT) {}
466
467 constexpr l4_cap_idx_t cap() const noexcept
468 { return _i; }
469
470 explicit constexpr operator l4_cap_idx_t() const noexcept
471 { return _i; }
472
473 explicit constexpr operator bool() const noexcept
474 { return !(_i & L4_INVALID_CAP_BIT); }
475
476 constexpr bool operator==(Reply_cap_idx o) const noexcept
477 { return _i == o._i; }
478
479 constexpr bool operator!=(Reply_cap_idx o) const noexcept
480 { return _i != o._i; }
481};
482
483class Reply_cap;
484
488class Reply_cap_alloc
489{
490 friend class Reply_cap;
491
492public:
493 constexpr Reply_cap_alloc() = default;
494
495 // Attention: do *not* define a destructor! We must keep the class trivially
496 // destructible so that no global destructor is created for
497 // L4Re::Util::reply_cap_alloc.
498 // virtual ~Reply_cap_alloc() = default;
499
500 Reply_cap_alloc(Reply_cap_alloc const &) = delete;
501 Reply_cap_alloc &operator = (Reply_cap_alloc const &) = delete;
502
508 virtual Reply_cap alloc() noexcept = 0;
509
510protected:
518 virtual void free(Reply_cap_idx cap) noexcept = 0;
519};
520
529class Reply_cap
530{
531public:
533 constexpr Reply_cap() noexcept = default;
534
544 constexpr Reply_cap(Reply_cap_idx cap, Reply_cap_alloc *alloc) noexcept
545 : _cap(cap), _alloc(alloc)
546 {}
547
554 ~Reply_cap()
555 { reset(); }
556
557 // not copyable
558 Reply_cap(Reply_cap const &) = delete;
559 Reply_cap &operator=(Reply_cap const &) = delete;
560
561 constexpr Reply_cap(Reply_cap &&o) noexcept
562 : _cap(o._cap), _alloc(o._alloc)
563 {
564 o._cap = Reply_cap_idx();
565 o._alloc = nullptr;
566 }
567
568 Reply_cap &operator=(Reply_cap &&o) noexcept
569 {
570 reset(o._cap, o._alloc);
571 o._cap = Reply_cap_idx();
572 o._alloc = nullptr;
573 return *this;
574 }
575
589 l4_ret_t reply(l4_msgtag_t tag, l4_utcb_t *utcb = l4_utcb()) noexcept
590 {
591 l4_umword_t err = L4_IPC_ENOT_EXISTENT;
592 if (is_valid()) [[likely]]
593 {
594 err = l4_ipc_error(l4_ipc_reply(_cap.cap(), utcb, tag,
595 L4_IPC_BOTH_TIMEOUT_0), utcb);
596 _alloc->free(_cap);
597 _cap = Reply_cap_idx();
598 }
599
600 if (err) [[unlikely]]
601 return l4_ipc_to_errno(err);
602 else
603 return 0;
604 }
605
612 constexpr Reply_cap_idx get() const noexcept
613 { return _cap; }
614
615 constexpr bool is_valid() const noexcept
616 { return static_cast<bool>(_cap); }
617
618 explicit constexpr operator bool () const noexcept
619 { return is_valid(); }
620
621 constexpr bool operator==(Reply_cap const &o) const noexcept
622 { return _cap == o._cap; }
623
624 constexpr bool operator==(Reply_cap_idx o) const noexcept
625 { return _cap == o; }
626
627 constexpr bool operator!=(Reply_cap const &o) const noexcept
628 { return _cap != o._cap; }
629
630 constexpr bool operator!=(Reply_cap_idx o) const noexcept
631 { return _cap != o; }
632
639 void reset(Reply_cap_idx cap = Reply_cap_idx(),
640 Reply_cap_alloc *alloc = nullptr) noexcept
641 {
642 if (is_valid()) [[unlikely]]
643 {
644 // If the reply cap is still valid, reply to the caller that we've
645 // dropped the reply. Should not happen in a well behaved server.
646 auto tag = l4_msgtag(-L4_EDROPREPLY, 0, 0, 0);
647 l4_ipc_reply(_cap.cap(), l4_utcb(), tag, L4_IPC_BOTH_TIMEOUT_0);
648 _alloc->free(_cap);
649 }
650
651 _cap = cap;
652 _alloc = alloc;
653 }
654
655private:
656 Reply_cap_idx _cap = Reply_cap_idx();
657 Reply_cap_alloc *_alloc = nullptr;
658};
659
660}
L4::Cap_base::copy
void copy(Cap_base const &src) const
Copy a capability.
Definition capability.h:192
L4::Cap_base::Cap_base
Cap_base(l4_default_caps_t cap) noexcept
Initialize capability with one of the default capabilities.
Definition capability.h:160
L4::Cap_base::invalidate
void invalidate() noexcept
Set this capability to invalid (L4_INVALID_CAP).
Definition capability.h:142
L4::Cap_base::Cap_base
Cap_base(Cap_type cap) noexcept
Constructor to create an invalid capability.
Definition capability.h:153
L4::Cap_base::fpage
l4_fpage_t fpage(unsigned rights=L4_CAP_FPAGE_RWS) const noexcept
Return flexpage for the capability.
Definition capability.h:74
L4::Cap_base::_c
l4_cap_idx_t _c
The C representation of a capability selector.
Definition capability.h:203
L4::Cap_base::cap
l4_cap_idx_t cap() const noexcept
Return capability selector.
Definition capability.h:49
L4::Cap_base::is_valid
bool is_valid() const noexcept
Test whether the capability is a valid capability index (i.e., not L4_INVALID_CAP).
Definition capability.h:57
L4::Cap_base::move
void move(Cap_base const &src) const
Replace this capability with the contents of src.
Definition capability.h:176
L4::Cap_base::Cap_type
Cap_type
Invalid capability type.
Definition capability.h:41
L4::Cap_base::Invalid
@ Invalid
Invalid capability selector.
Definition capability.h:42
L4::Cap_base::invalid_cap_error
int invalid_cap_error() const noexcept
Return the transported error code in an invalid capability index.
Definition capability.h:62
L4::Cap_base::No_init_type
No_init_type
Special value for uninitialized capability objects.
Definition capability.h:30
L4::Cap_base::No_init
@ No_init
Special value for constructing uninitialized Cap objects.
Definition capability.h:34
L4::Cap_base::Cap_base
Cap_base(l4_cap_idx_t c) noexcept
Generate a capability from its C representation.
Definition capability.h:149
L4::Cap_base::Cap_base
Cap_base() noexcept
Create an uninitialized instance.
Definition capability.h:165
L4::Cap_base::snd_base
l4_umword_t snd_base(unsigned grant=L4_MAP_ITEM_MAP, l4_cap_idx_t base=L4_INVALID_CAP) const noexcept
Return send base.
Definition capability.h:86
L4::Cap
C++ interface for capabilities.
Definition capability.h:224
L4::Cap::copy
Cap copy(Cap const &src) const
Copy a capability to this cap slot.
Definition capability.h:317
L4::Cap::Cap
Cap(l4_cap_idx_t idx=L4_INVALID_CAP) noexcept
Initialize capability, defaults to the invalid capability selector.
Definition capability.h:294
L4::Cap::Cap
Cap(No_init_type) noexcept
Create an uninitialized cap selector.
Definition capability.h:299
L4::Cap::Cap
Cap(Cap_type cap) noexcept
Constructor to create an invalid capability selector.
Definition capability.h:282
L4::Cap::check_castable_from
static void check_castable_from() noexcept
Perform the type conversion that needs to compile in order for a capability of type From te be castab...
Definition capability.h:264
L4::Cap::Cap
Cap(l4_default_caps_t cap) noexcept
Initialize capability with one of the default capability selectors.
Definition capability.h:288
L4::Cap::Cap
Cap(Cap< O > const &o) noexcept
Create a copy from o, supporting implicit type casting.
Definition capability.h:275
L4::Cap::move
Cap move(Cap const &src) const
Move a capability to this cap slot.
Definition capability.h:307
L4::Cap::check_convertible_from
static void check_convertible_from() noexcept
Perform the type conversion that needs to compile in order for a capability of type From to be conver...
Definition capability.h:251
L4::Kobject
Base class for all kinds of kernel objects and remote objects, referenced by capabilities.
Definition kobject:37
L4::Reply_cap_alloc
Interface to a reply capability allocator.
Definition capability.h:489
L4::Reply_cap_alloc::free
virtual void free(Reply_cap_idx cap) noexcept=0
Free reply capability slot.
L4::Reply_cap_alloc::alloc
virtual Reply_cap alloc() noexcept=0
Allocate new reply capability slot.
L4::Reply_cap_idx
Value class for a reply capability index.
Definition capability.h:459
L4::Reply_cap
An explicit reply capability.
Definition capability.h:530
L4::Reply_cap::reply
l4_ret_t reply(l4_msgtag_t tag, l4_utcb_t *utcb=l4_utcb()) noexcept
Reply with this reply capability.
Definition capability.h:589
L4::Reply_cap::get
constexpr Reply_cap_idx get() const noexcept
Get reply capability index.
Definition capability.h:612
L4::Reply_cap::~Reply_cap
~Reply_cap()
Destroy reply capability.
Definition capability.h:554
L4::Reply_cap::reset
void reset(Reply_cap_idx cap=Reply_cap_idx(), Reply_cap_alloc *alloc=nullptr) noexcept
Replace reply capability.
Definition capability.h:639
L4::Reply_cap::Reply_cap
constexpr Reply_cap() noexcept=default
Construct an invalid reply capability.
L4::Task
C++ interface of the Task kernel object, see Task for the C interface.
Definition task:36
L4_FPAGE_C_OBJ_RIGHTS
#define L4_FPAGE_C_OBJ_RIGHTS
All Object-type specific right bits.
Definition __l4_fpage.h:281
l4_umword_t
unsigned long l4_umword_t
Unsigned machine word.
Definition l4int.h:40
l4_cap_idx_t
unsigned long l4_cap_idx_t
Capability selector type.
Definition types.h:357
l4_default_caps_t
l4_default_caps_t
Default capabilities setup for the initial tasks.
Definition consts.h:344
L4_BASE_TASK_CAP
@ L4_BASE_TASK_CAP
Capability selector for the current task.
Definition consts.h:346
L4_EDROPREPLY
@ L4_EDROPREPLY
Server dropped reply capability.
Definition err.h:61
l4_obj_fpage
L4_CONSTEXPR l4_fpage_t l4_obj_fpage(l4_cap_idx_t obj, unsigned int order, unsigned char rights) L4_NOTHROW
Create a kernel-object flexpage.
Definition __l4_fpage.h:731
L4_CAP_FPAGE_RWSD
@ L4_CAP_FPAGE_RWSD
Full rights for capability flexpages.
Definition __l4_fpage.h:212
L4_CAP_FPAGE_RWS
@ L4_CAP_FPAGE_RWS
Read, interface specific 'W', and 'S' rights for capability flexpages.
Definition __l4_fpage.h:206
l4_ipc_reply
l4_msgtag_t l4_ipc_reply(l4_cap_idx_t reply_cap, l4_utcb_t *utcb, l4_msgtag_t tag, l4_timeout_t timeout) L4_NOTHROW
Reply operation (uses a reply capability).
Definition ipc.h:606
l4_ipc_error
l4_umword_t l4_ipc_error(l4_msgtag_t tag, l4_utcb_t *utcb) L4_NOTHROW
Get the IPC error code for an IPC operation.
Definition ipc.h:671
L4_IPC_ENOT_EXISTENT
@ L4_IPC_ENOT_EXISTENT
Non-existing destination or source.
Definition ipc.h:86
l4_map_obj_control
L4_CONSTEXPR l4_umword_t l4_map_obj_control(l4_umword_t spot, unsigned grant) L4_NOTHROW
Create the first word for a map item that is a send item for the object space.
Definition __l4_fpage.h:765
L4_MAP_ITEM_GRANT
@ L4_MAP_ITEM_GRANT
Flag as grant instead of map operation.
Definition consts.h:264
L4_MAP_ITEM_MAP
@ L4_MAP_ITEM_MAP
Flag as usual map operation.
Definition consts.h:266
l4_msgtag
l4_msgtag_t l4_msgtag(long label, unsigned words, unsigned items, unsigned flags) L4_NOTHROW
Create a message tag from the specified values.
Definition types.h:426
l4_task_map
l4_msgtag_t l4_task_map(l4_cap_idx_t dst_task, l4_cap_idx_t src_task, l4_fpage_t snd_fpage, l4_umword_t snd_base) L4_NOTHROW
Map resources available in the source task to a destination task.
Definition task.h:433
L4_IPC_BOTH_TIMEOUT_0
#define L4_IPC_BOTH_TIMEOUT_0
0 receive and send timeout
Definition __timeout.h:79
l4_utcb_t
struct l4_utcb_t l4_utcb_t
Opaque type for the UTCB.
Definition utcb.h:56
l4_utcb
l4_utcb_t * l4_utcb(void) L4_NOTHROW L4_PURE
Get the UTCB address.
Definition utcb.h:369
L4_EXPORT
#define L4_EXPORT
Attribute to mark functions, variables, and data types as being exported from a library.
Definition compiler.h:220
consts.h
Common constants.
L4_INVALID_REPLY_CAP
#define L4_INVALID_REPLY_CAP
Invalid reply capability selector.
Definition consts.h:175
L4_INVALID_CAP
#define L4_INVALID_CAP
Invalid capability selector.
Definition consts.h:152
L4_REPLY_CAP_BIT
#define L4_REPLY_CAP_BIT
Mark this capability selector as index into the reply cap space instead of the regular capability spa...
Definition consts.h:172
l4_ipc_to_errno
L4_CONSTEXPR l4_ret_t l4_ipc_to_errno(unsigned long ipc_error_code) L4_NOTHROW
Get a negative error code for the given IPC error code.
Definition ipc.h:595
task.h
Common task related definitions.
types.h
Common L4 ABI Data Types.
l4_ret_t
l4_int16_t l4_ret_t
Return value of an IPC call as well as an RPC call.
Definition types.h:28
L4
L4 low-level kernel interface.
Definition l4sys-l4f-groups.dox:50
L4::cap_reinterpret_cast
Cap< T > cap_reinterpret_cast(Cap< F > const &c) noexcept
reinterpret_cast for capabilities.
Definition capability.h:447
L4::cap_cast
Cap< T > cap_cast(Cap< F > const &c) noexcept
static_cast for capabilities.
Definition capability.h:416
l4_msgtag_t
Message tag data structure.
Definition types.h:266
l4_fpage_t
L4 flexpage type.
Definition __l4_fpage.h:76