Change allowed kernel call bitmap to an array of bitmaps to allow

any number of kernel calls.

Allowed kernel calls are stored in table.c for every image process as a
variably-sized array of allowed calls. This is used to fill the bitmap
of size determined at compile time by the number of kernel calls. This
filling is done by main.c. There is a special call called SYS_ALL_CALLS
which fills the bitmap of allowed calls completely, if that is the only
entry in the array.

diff --git a/kernel/main.c b/kernel/main.c
index e521011b809c9358c963ac20ada485ce3ea04381..5b2707acf6497cdd18604e97273918524549347b 100755 (executable)
--- a/kernel/main.c
+++ b/kernel/main.c
@@ -73,6 +73,8 @@ PUBLIC void main()
   ktsb = (reg_t) t_stack;
 
   for (i=0; i < NR_BOOT_PROCS; ++i) {
+       int ci;
+       bitchunk_t fv;
        ip = &image[i];                         /* process' attributes */
        rp = proc_addr(ip->proc_nr);            /* get process pointer */
        ip->endpoint = rp->p_endpoint;          /* ipc endpoint */
@@ -84,7 +86,23 @@ PUBLIC void main()
        (void) get_priv(rp, (ip->flags & SYS_PROC));    /* assign structure */
        priv(rp)->s_flags = ip->flags;                  /* process flags */
        priv(rp)->s_trap_mask = ip->trap_mask;          /* allowed traps */
-       priv(rp)->s_call_mask = ip->call_mask;          /* kernel call mask */
+
+       /* Initialize call mask bitmap from unordered set.
+        * A single SYS_ALL_CALLS is a special case - it
+        * means all calls are allowed.
+        */
+       if(ip->nr_k_calls == 1 && ip->k_calls[0] == SYS_ALL_CALLS)
+               fv = ~0;                /* fill call mask */
+       else
+               fv = 0;                 /* clear call mask */
+
+       for(ci = 0; ci < CALL_MASK_SIZE; ci++)  /* fill or clear call mask */
+               priv(rp)->s_k_call_mask[ci] = fv;
+       if(!fv)                 /* not all full? enter calls bit by bit */
+               for(ci = 0; ci < ip->nr_k_calls; ci++)
+                       SET_BIT(priv(rp)->s_k_call_mask,
+                               ip->k_calls[ci]-KERNEL_CALL);
+
        priv(rp)->s_ipc_to.chunk[0] = ip->ipc_to;       /* restrict targets */
        if (iskerneln(proc_nr(rp))) {           /* part of the kernel? */ 
                if (ip->stksize > 0) {          /* HARDWARE stack size is 0 */
@@ -185,7 +203,7 @@ PRIVATE void announce(void)
 #if (CHIP == INTEL)
   /* Real mode, or 16/32-bit protected mode? */
   kprintf("Executing in %s mode.\n\n",
-      machine.protected ? "32-bit protected" : "real");
+      machine.prot ? "32-bit protected" : "real");
 #endif
 }
 

diff --git a/kernel/priv.h b/kernel/priv.h
index 02c1d0ca1ac7998deea94ae4e3357a2b728b6e40..78668adedfd7b881020e10e1a5c90de6d06422a2 100755 (executable)
--- a/kernel/priv.h
+++ b/kernel/priv.h
@@ -33,7 +33,10 @@ struct priv {
   short s_trap_mask;           /* allowed system call traps */
   sys_map_t s_ipc_from;                /* allowed callers to receive from */
   sys_map_t s_ipc_to;          /* allowed destination processes */
-  long s_call_mask;            /* allowed kernel calls */
+
+  /* allowed kernel calls */
+#define CALL_MASK_SIZE BITMAP_CHUNKS(NR_SYS_CALLS)
+  bitchunk_t s_k_call_mask[CALL_MASK_SIZE];  
 
   sys_map_t s_notify_pending;          /* bit map with pending notifications */
   irq_id_t s_int_pending;      /* pending hardware interrupts */
@@ -51,6 +54,8 @@ struct priv {
 
   int s_nr_irq;                        /* allowed IRQ lines */
   int s_irq_tab[NR_IRQ];
+  vir_bytes s_grant_table;     /* grant table address of process, or 0 */
+  int s_grant_entries;         /* no. of entries, or 0 */
 };
 
 /* Guard word for task stacks. */

diff --git a/kernel/table.c b/kernel/table.c
index 3460ac1822d353c6d178e7b41cec51c081828164..ec53a04668149de6f7d445905e325c20e4e3ab8f 100755 (executable)
--- a/kernel/table.c
+++ b/kernel/table.c
@@ -65,7 +65,8 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  * can be directly copied onto map[0] of the actual send mask. Privilege
  * structure 0 is shared by user processes. 
  */
-#define s(n)           (1 << s_nr_to_id(n))
+#define s(n)   (1 << (s_nr_to_id(n)))
+#define NUL_M   0
 #define SRV_M  (~0)
 #define SYS_M  (~0)
 #define USR_M (s(PM_PROC_NR) | s(FS_PROC_NR) | s(RS_PROC_NR) | s(SYSTEM))
@@ -75,16 +76,24 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  * very nice, but we need to define the access rights on a per call basis. 
  * Note that the reincarnation server has all bits on, because it should
  * be allowed to distribute rights to services that it starts. 
+ * 
+ * Calls are unordered lists, converted by the kernel to bitmasks
+ * once at runtime.
  */
-#define c(n)   (1 << ((n)-KERNEL_CALL))
-#define RS_C   ~0      
-#define DS_C   ~0      
-#define PM_C   ~(c(SYS_DEVIO) | c(SYS_SDEVIO) | c(SYS_VDEVIO) | c(SYS_IRQCTL) | c(SYS_INT86))
-#define FS_C   (c(SYS_KILL) | c(SYS_VIRCOPY) | c(SYS_VIRVCOPY) | c(SYS_UMAP) | c(SYS_GETINFO) | c(SYS_EXIT) | c(SYS_TIMES) | c(SYS_SETALARM) | c(SYS_TRACE))
-#define DRV_C (FS_C | c(SYS_SEGCTL) | c(SYS_IRQCTL) | c(SYS_INT86) | c(SYS_DEVIO) | c(SYS_SDEVIO) | c(SYS_VDEVIO))
-#define TTY_C (DRV_C | c(SYS_ABORT) | c(SYS_VM_MAP) | c(SYS_IOPENABLE))
-#define MEM_C  (DRV_C | c(SYS_PHYSCOPY) | c(SYS_PHYSVCOPY) | c(SYS_VM_MAP) | \
-       c(SYS_IOPENABLE))
+#define FS_C SYS_KILL, SYS_VIRCOPY, SYS_SAFECOPYFROM, SYS_SAFECOPYTO, \
+    SYS_VIRVCOPY, SYS_UMAP, SYS_GETINFO, SYS_EXIT, SYS_TIMES, SYS_SETALARM, \
+    SYS_PRIVCTL, SYS_TRACE 
+#define DRV_C  FS_C, SYS_SEGCTL, SYS_IRQCTL, SYS_INT86, SYS_DEVIO, \
+       SYS_SDEVIO, SYS_VDEVIO 
+
+PRIVATE int
+  fs_c[] = { FS_C },
+  pm_c[] = { SYS_ALL_CALLS },
+  rs_c[] = { SYS_ALL_CALLS },
+  ds_c[] = { SYS_ALL_CALLS },
+  drv_c[] = { DRV_C },
+  tty_c[] = { DRV_C, SYS_ABORT, SYS_VM_MAP, SYS_IOPENABLE },
+  mem_c[] = { DRV_C, SYS_PHYSCOPY, SYS_PHYSVCOPY, SYS_VM_MAP, SYS_IOPENABLE };
 
 /* The system image table lists all programs that are part of the boot image. 
  * The order of the entries here MUST agree with the order of the programs
@@ -96,20 +105,23 @@ PUBLIC char *t_stack[TOT_STACK_SPACE / sizeof(char *)];
  *
  * Note: the quantum size must be positive in all cases! 
  */
+#define c(calls) calls, (sizeof(calls) / sizeof((calls)[0]))
+#define no_c { 0 }, 0
+
 PUBLIC struct boot_image image[] = {
-/* process nr,   pc, flags, qs,  queue, stack, traps, ipcto, call,  name */ 
- { IDLE,  idle_task, IDL_F,  8, IDLE_Q, IDL_S,     0,     0,     0, "idle"  },
- { CLOCK,clock_task, TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0,     0, "clock" },
- { SYSTEM, sys_task, TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0,     0, "system"},
- { HARDWARE,      0, TSK_F,  8, TASK_Q, HRD_S,     0,     0,     0, "kernel"},
- { PM_PROC_NR,    0, SRV_F, 32,      3, 0,     SRV_T, SRV_M,  PM_C, "pm"    },
- { FS_PROC_NR,    0, SRV_F, 32,      4, 0,     SRV_T, SRV_M,  FS_C, "fs"    },
- { RS_PROC_NR,    0, SRV_F,  4,      3, 0,     SRV_T, SYS_M,  RS_C, "rs"    },
- { DS_PROC_NR,    0, SRV_F,  4,      3, 0,     SRV_T, SYS_M,  DS_C, "ds"    },
- { TTY_PROC_NR,   0, SRV_F,  4,      1, 0,     SRV_T, SYS_M, TTY_C, "tty"   },
- { MEM_PROC_NR,   0, SRV_F,  4,      2, 0,     SRV_T, SYS_M, MEM_C, "mem"   },
- { LOG_PROC_NR,   0, SRV_F,  4,      2, 0,     SRV_T, SYS_M, DRV_C, "log"   },
- { INIT_PROC_NR,  0, USR_F,  8, USER_Q, 0,     USR_T, USR_M,     0, "init"  },
+/* process nr, pc,flags, qs,  queue, stack, traps, ipcto, call,  name */ 
+{IDLE,  idle_task,IDL_F,  8, IDLE_Q, IDL_S,     0,     0, no_c,"idle"  },
+{CLOCK,clock_task,TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0, no_c,"clock" },
+{SYSTEM, sys_task,TSK_F,  8, TASK_Q, TSK_S, TSK_T,     0, no_c,"system"},
+{HARDWARE,      0,TSK_F,  8, TASK_Q, HRD_S,     0,     0, no_c,"kernel"},
+{PM_PROC_NR,    0,SRV_F, 32,      3, 0,     SRV_T, SRV_M, c(pm_c),"pm"    },
+{FS_PROC_NR,    0,SRV_F, 32,      4, 0,     SRV_T, SRV_M, c(fs_c),"fs"    },
+{RS_PROC_NR,    0,SRV_F,  4,      3, 0,     SRV_T, SYS_M, c(rs_c),"rs"    },
+{DS_PROC_NR,    0,SRV_F,  4,      3, 0,     SRV_T, SYS_M, c(ds_c),"ds"    },
+{TTY_PROC_NR,   0,SRV_F,  4,      1, 0,     SRV_T, SYS_M,c(tty_c),"tty"   },
+{MEM_PROC_NR,   0,SRV_F,  4,      2, 0,     SRV_T, SYS_M,c(mem_c),"memory"},
+{LOG_PROC_NR,   0,SRV_F,  4,      2, 0,     SRV_T, SYS_M,c(drv_c),"log"   },
+{INIT_PROC_NR,  0,USR_F,  8, USER_Q, 0,     USR_T, USR_M, no_c,"init"  },
 };
 
 /* Verify the size of the system image table at compile time. Also verify that 

diff --git a/kernel/type.h b/kernel/type.h
index 0d51f55279afb02a77b7c56ccb23b0149b39bb99..7c5e53d5764bec16c8f26bd75d136a264c01d842 100755 (executable)
--- a/kernel/type.h
+++ b/kernel/type.h
@@ -1,6 +1,8 @@
 #ifndef TYPE_H
 #define TYPE_H
 
+#include <minix/com.h>
+
 typedef _PROTOTYPE( void task_t, (void) );
 
 /* Process table and system property related types. */ 
@@ -19,9 +21,10 @@ struct boot_image {
   int stksize;                         /* stack size for tasks */
   short trap_mask;                     /* allowed system call traps */
   bitchunk_t ipc_to;                   /* send mask protection */
-  long call_mask;                      /* system call protection */
+  int *k_calls;                                /* kern. call protection */
+  int nr_k_calls;
   char proc_name[P_NAME_LEN];          /* name in process table */
-  int endpoint;                                /* endpoint number when started */
+  endpoint_t endpoint;                 /* endpoint number when started */
 };
 
 struct memory {