OpenCores
URL https://opencores.org/ocsvn/c0or1k/c0or1k/trunk

Subversion Repositories c0or1k

[/] [c0or1k/] [trunk/] [docs/] [man/] [man7/] [l4_capability_control.7] - Blame information for rev 2

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 2 drasko 
.TH L4_CAPABILITY_CONTROL 7 2009-11-07 "Codezero" "Codezero Programmer's Manual"
2 
.SH NAME
3 
.nf
4 
.BR "l4_capability_control" " - Capability inspection and manipulation"
5 
 
6 
.SH SYNOPSIS
7 
.nf
8 
.B #include
9 
.B #include
10 
 
11 
.BI "int l4_capability_control (unsigned int " "req" ", unsigned int " "flags" ", void *" buf ");
12 
.SH DESCRIPTION
13 
.B l4_capability_control()
14 
enables a thread to read and manipulate the list of capabilities that it possesses. Capabilities may be shared, granted to other threads, or they may be replicated, destroyed, reduced in privileges or split into parts, effectively enabling a dynamically configurable resource management architecture. The thread calling this system call must possess relevant capabilities as any operation done by this call are also subject to capability checking.
15 
.TP
16 
.fi
17 
.I req
18 
denotes the type of request. See below for a full list.
19 
 
20 
.TP
21 
.fi
22 
.I flags
23 
denotes additional flags for the given request. See below for a list of flags.
24 
 
25 
.TP
26 
.fi
27 
.I buf
28 
almost always contains a capability structure that describes the request with regard to given
29 
.IR "req"
30 
and
31 
.IR "flags."
32 
 
33 
.TP
34 
.BR CAP_CONTROL_NCAPS
35 
Get capability count. This is the sum of thread-private capabilities, address space capabilities and container capabilities.
36 
.TP
37 
.BR CAP_CONTROL_READ
38 
Returns an array of
39 
.BI "struct " "capability"
40 
structures in
41 
.I buf.
42 
The number of capabilities in the array should be first obtained by the
43 
.B CAP_CONTROL_NCAPS
44 
request.
45 
.TP
46 
.BR CAP_CONTROL_SHARE
47 
Shares a single capability or list of capabilities with a collection entity such as an address space or a container. If
48 
.B CAP_SHARE_SINGLE
49 
is specified in
50 
.IR "flag",
51 
a single capability is shared.
52 
.BR "CAP_SHARE_ALL_CONTAINER " "makes the caller thread share all of its thread-level and address space-level capability lists with its container. The caller must also be the owner of all of the capabilities, in case of the address space.
53 
.BR "CAP_SHARE_ALL_SPACE " "makes the caller thread share all of its thread-level capabilities with its address space."
54 
 
55 
The sharing must be made with a thread collection entity that contains the capability owner. For example, a capability possessed by a thread may be shared with the thread's address space, or the thread's container. However it is not possible to share a capability in one container with another container. See
56 
.B CAP_CONTROL_REPLICATE
57 
and
58 
.B CAP_CONTROL_GRANT
59 
on other methods of transferring a possessed capability to another entity.
60 
 
61 
.TP
62 
.BR CAP_CONTROL_GRANT
63 
Grants a single capability to a target thread. The granted capability must be described in the
64 
.IR "buf",
65 
field. Since ownership may only be exercised by threads, the grantee must be a thread whose thread id is provided in the
66 
.I owner
67 
field of the capability provided, leaving all other fields intact.
68 
 
69 
Currently,
70 
.BR "CAP_GRANT_SINGLE",
71 
must be provided in the
72 
.I flag
73 
field, as no method has been defined for granting a larger entity than a single capability, i.e. a list of capabilities. To achieve this, a
74 
.B CAP_GRANT_ALL
75 
flag is planned for a future release.
76 
If
77 
.B CAP_GRANT_IMMUTABLE
78 
is specified in the flags, this means the granted capability should be made immutable on-the-fly. This is required as granting needs grant capabilities on the capability, but a granter may want to remove it as it grants it.
79 
.TP
80 
.BR CAP_CONTROL_REPLICATE
81 
Replicates an existing capability. This is useful for expanding capabilities to managed children. For example, a pager may make a replica of its capability to ipc to all threads in the container, deduce the capability to only cover itself as a thread target, and share this with the container. As a result, all threads in the container may ipc to the pager but nobody else, including each other.
82 
.TP
83 
.B CAP_CONTROL_SPLIT
84 
Capabilities are split by taking the diff of resources possessed between capabilities.
85 
.I flags
86 
field may be one of
87 
.BR " CAP_SPLIT_SIZE",
88 
.B CAP_SPLIT_ACCESS
89 
or
90 
.BR "CAP_SPLIT_RANGE",
91 
.RI " by which the capability is either split by its " "size", " access" ", or" " start " and " end" " fields, respectively."
92 
.TP
93 
.BR CAP_CONTROL_DEDUCE
94 
Deduction can be by access permissions, start, end, size fields, or the target resource type. Target resource deduction denotes reducing the applicable space of the target, e.g. from a container to a space in that container. For example, an ipc capability that targets a container may be deduced to one that targets only a single address space, or even a single thread.
95 
.TP
96 
.BR CAP_CONTROL_DESTROY
97 
Destroys a capability.
98 
 
99 
 
100 
.SH RETURN VALUE
101 
.IR "l4_capability_control"()
102 
Returns 0 on success, and negative value on failure. See below for error codes.
103 
 
104 
.SH ERRORS
105 
.TP
106 
.B -EINVAL
107 
when a capability struct is passed in
108 
.IR "buf"
109 
but with invalid fields.
110 
.TP
111 
.B -ENOCAP
112 
when capabilities required don't exist or do not have sufficient privileges.
113 
 
114 
.SH SEE ALSO
115 
.BR "capability"(7)

powered by: WebSVN 2.1.0

© copyright 1999-2025 OpenCores.org, equivalent to Oliscience, all rights reserved. OpenCores®, registered trademark.